Nearly a week after the makers of popular web server management software cPanel and WebHost Manager (WHM) notified users of a critical flaw in its software, hackers are still targeting thousands of websites using the vulnerable software.
They have been there since Monday over 550,000 potentially vulnerable servers running cPanel, a number that has remained constant for days. And there are now about 2,000 cPanel instances were likely compromised, up from about 44,000 on Thursday. These statistics are published by Shadowserver, a non-profit organization that scans and monitors the internet for cyber attacks.
On Thursday, security researchers announced that hackers began compromising servers with cPanel and WHM, exploiting a bug that allowed attackers to take full control and compromise vulnerable servers through their control panels.
As reported by Bleeping Computerthe extent of the damage is shown by the fact that Google has been indexed dozens of websites that at one point displayed a message from a group of hackers claiming to encrypt the victim’s files in an apparent ransomware attack. Some of these sites are now loading normally.
The ransom note included a chat ID for victims to contact the hackers, who did not immediately respond to TechCrunch’s request for comment.
The US Cybersecurity and Infrastructure Security Agency (CISA) warned Thursday that the vulnerability — tracked as CVE-2026-41940 — is being exploited in nature and he added it in the list of Known Exploitable Vulnerabilities (KEV). CISA asked government agencies to fix by Sunday. CISA did not immediately respond to a request for comment, asking if it could confirm that government agencies have patched their servers.
Attacks against web servers running cPanel and WHM are likely to have been ongoing much earlier than the vulnerability was disclosed. According to KnownHost CEO Daniel Pearsonhis company detected attacks as early as February 23.
Techcrunch event
San Francisco, California
|
13-15 October 2026
Executives at WebPros, the company that develops cPanel and WHM and says it powers 60 million domains, did not respond to a request for comment.
When you purchase through links in our articles, we may earn a small commission. This does not affect our editorial independence.
