:

CPANEL BUG UNDER ACTIVE EXPLOIT BY HACKERS

SECURITY DESK2 MIN READ
THU, APR 30, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Web hosting providers are rushing to patch a critical vulnerability in cPanel, the control panel software used by millions of websites. Hackers have been actively exploiting the flaw for months.

cPanel, which manages hosting accounts and server administration for a significant portion of the web, is the target of an ongoing attack campaign. Web hosts and system administrators worldwide have begun emergency patching efforts as the scope of the exploitation becomes clear. The vulnerability allows attackers to gain unauthorized access to hosting accounts and potentially compromise websites and data stored on affected servers. Security researchers indicate the bug has been leveraged by threat actors for an extended period, meaning the actual number of compromised systems could be substantial. One hosting company confirmed hackers have been abusing the vulnerability for months before the issue gained wider attention. The extended window of exploitation raises concerns about the full extent of the breach and what attackers may have accessed or modified during that time. Web hosts are prioritizing patches and updates to their systems. The distributed nature of cPanel deployments across thousands of hosting providers means the patch rollout will take time, leaving some infrastructure exposed during the transition period. Administrators managing cPanel installations have been advised to apply security updates immediately and review access logs for signs of unauthorized activity. Organizations using shared hosting should contact their providers to confirm patch status. This incident highlights the risks posed by vulnerabilities in widely-used infrastructure software. A single bug in popular hosting control panels can affect millions of websites simultaneously, making rapid patch deployment critical to prevent large-scale compromises. Details about the specific vulnerability and recommended remediation steps are being distributed through official cPanel channels and security advisories.

■ SOURCES

TechCrunch

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

A new macOS malware called CrashStealer disguises itself as Apple's crash-reporting tool to steal credentials, keychain data, and cryptocurrency wallets from infected systems.

JUST NOWSecurity Desk

Security firm Jscrambler disclosed that attackers published a malicious version of its npm package, which was downloaded nearly 1,500 times before detection. The compromised package contained infostealer malware targeting developer systems.

JUST NOWSecurity Desk

Security researchers are turning prompt injection attacks into a defensive weapon. The technique, called "context bombing," forces malicious AI agents to shut down before causing damage.

2H AGOIndustry Desk

The Los Angeles Police Department has allowed its contract with surveillance company Flock to expire, citing serious civil liberties and privacy concerns. The move marks a significant departure for one of Flock's largest government customers.

4H AGOSecurity Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.