Web hosts are scrambling to fix the bug under active attack by hackers. One company said hackers have been abusing the bug for months.

Panel patched three vulnerabilities, including two 8.8 CVSS flaws, reducing risks of code execution and privilege escalation.

CVE-2026-41940 exploitation by 2,000 IPs enabled Filemanager backdoor attacks, causing credential theft and persistent access ...

If your website runs on shared hosting, there is a reasonable chance it sits on a server managed by cPanel, the control panel software that powers a significant share of the world’s web hosting ...

Cybercriminals are exploiting a recently discovered vulnerability in cPanel and WebHost Manager on a large scale. These widely used web server management ...

A newly discovered bug in cPanel and WebHost Manager (WHM) software is being actively exploited by hackers, potentially affecting tens of millions of websites worldwide.

CVE-2026-41940 is a critical authentication bypass vulnerability affecting cPanel & WHM, including DNSOnly, in versions after 11.40. The flaw, discovered by WatchTowr Labs, exists in the login flow ...

Patch now! Attackers worldwide are exploiting a critical security vulnerability in cPanel/WHM. Security updates are available.

A vulnerability in the cPanel/WHM admin interface lets attackers access websites without a username and password.

The popular cPanel web hosting server control panel software recently issued a patch to fix a critical flaw in the log4j Java library discovered in part of the software used for email. The ...