The Hacker News

Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately

Panel patches authentication flaw across supported versions, prompting Namecheap port blocks and temporary access limits.

Hackers are actively exploiting a bug in cPanel, used by millions of websites

Web hosts are scrambling to fix the bug under active attack by hackers. One company said hackers have been abusing the bug ...

Hackers are mass-exploiting the cPanel bug to gain control of thousands of websites

Days after the disclosure of a critical vulnerability in popular web hosting software cPanel and WHM, hackers keep targeting ...
SecurityWeek

Critical cPanel & WHM Vulnerability Exploited as Zero-Day for Months

A critical-severity authentication bypass vulnerability in cPanel & WHM has been exploited as a zero-day since February 2026.
SecurityWeek

Over 40,000 Servers Compromised in Ongoing cPanel Exploitation

Over 40,000 servers have likely been compromised in ongoing attacks targeted at a recently patched cPanel zero-day.
Bleeping Computer

cPanel 2FA bypassed in minutes via brute-force attacks

A security flaw in the cPanel web hosting control panel allows attackers to circumvent two-factor authentication (2FA) checks via brute-force attacks for domains managed using vulnerable cPanel & ...

Security Patch: Security vulnerabilities in cPanel and WHM closed again

Attackers can attack cPanel and WebHost Manager with malicious code, among other things. Security patches are available.

cPanel/WHM: Unauthorized access to web server configuration tool possible

Attackers can exploit a “ critical ” security vulnerability in the cPanel and WebHost Manager (WHM) web server administration ...