Hackers are actively exploiting a bug in cPanel and WHM
techcrunch.comThere must be so many (small) shared hosting companies that don't update their software, those poor customers.
A full breakdown of the vulnerability: https://labs.watchtowr.com/the-internet-is-falling-down-fall...
Thanks for sharing, this is a great read!
With this (CVE-2026-41940) and copy.fail (CVE-2026-3143), it must be an exciting time in the shared hosting business right now… Glad I've been out of it for a long time.
Luckily my site uses Plesk after moving away from cPanel years ago.
I have to wonder if this issue is due to never reviewing auto-test scripts ?
I know where I worked, testing is now an afterthought and half the time testing means no issues compiling and deploying :)
We had a separate testing group and they caught lots of issues. But due to Agile, they were all fired years ago.
Plesk is a separate team owned by the same parent company.
Which are the safest control panels^ ? Been thinking about Hostineer which developed and dogfooded ApisCP over 20 years.
[^] a product made for commercial operators stuffing thousands of PHP sites into a server, so no Coolify, Google Cloud Run.