Nearly a week after the makers of popular web server management software warned cPanel and WebHost Manager (WHM) users about a critical software flaw, hackers are still targeting thousands of websites using the vulnerable software.
As of Monday, more than 550,000 potentially vulnerable servers are running cPanel, a number that has remained stable for days. And now there is about 2000 cPanel instances likely fell below 44,000 on Thursday. These statistics are published by Shadowserver, a nonprofit organization that scans and monitors the Internet for cyberattacks.
Security researchers warned on Thursday that hackers have started compromising servers running cPanel and WHM, exploiting a bug that allows attackers to take full control and hijack vulnerable servers via control panels.
Bleeping Computer reports that the extent of the damage can be seen through Google, which indexed dozens of websites that at some point displayed messages from a group of hackers claiming to have encrypted the victim's files in an apparent ransomware attack. Some of those sites are now loading normally.
The ransom note contains the chat IDs of victims who contacted the hackers, who did not immediately respond to TechCrunch’s request for comment.
The US Cybersecurity and Infrastructure Security Agency (CISA) warned Thursday that the vulnerability, tracked as CVE-2026-41940, is being exploited in the wild and added it to its Known Exploited Vulnerabilities (KEV) catalog. CISA asked government agencies to patch by Sunday. CISA did not immediately respond to a request for comment asking whether it could confirm that government agencies had patched their servers.
Attacks against web servers running cPanel and WHM were likely underway long before the vulnerability was disclosed. According to Daniel Pearson, CEO of KnownHost, his company discovered the attacks as early as February 23.
Executives at Webpros, which develops cPanel and WHM and says it powers 60 million domains, did not respond to a request for comment.





