The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive requiring federal agencies to patch a critical vulnerability in the LiteSpeed cPanel plugin within four days. The flaw is currently being exploited in active attacks.
CISA added the LiteSpeed plugin vulnerability to its Known Exploited Vulnerabilities catalog, triggering mandatory patching deadlines for federal agencies under binding operational directives. The four-day window reflects the severity of the threat and active exploitation in the wild.
The LiteSpeed cPanel plugin manages user-end functions for server administrators and developers. The vulnerability allows attackers to execute arbitrary code, potentially giving them full control over affected systems. Federal agencies running vulnerable versions face immediate risk to sensitive infrastructure and data.
CISA's action signals that this is not a theoretical threat. The fact that attackers are actively leveraging the flaw means exploitation could spread rapidly across unpatched systems. Federal agencies that fail to meet the deadline face potential enforcement action.
The vulnerability affects multiple versions of the plugin. Organizations should identify which systems are running LiteSpeed cPanel implementations and verify their current patch status immediately. Patch availability varies by vendor; agencies must check for updates from their service providers.
This directive underscores the critical role cPanel and related control panel software plays in federal infrastructure. These platforms manage thousands of servers across government agencies and their contractors. A single vulnerability in such widely-deployed software creates cascading risk.
Agencies unable to patch within four days should implement compensating controls, including network segmentation, access restrictions, and enhanced monitoring. CISA recommends isolating affected systems from untrusted networks until patches are deployed.
The agency has not disclosed specific details about exploitation techniques or affected versions beyond the binding directive. Organizations outside federal agencies should treat the four-day timeline as a reference point for their own patching schedules, particularly critical infrastructure operators in energy, communications, and financial sectors.
Federal contractors and vendors supporting government agencies should prioritize this patch equally to direct federal systems, as supply chain compromise remains a persistent attack vector.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.
Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.
A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.