Critical cPanel Vulnerability Exploited in Southeast Asia Cyber Attacks

A sophisticated campaign exploited cPanel CVE-2026-41940 (CVSS 9.8) in late April 2026 to breach government and military servers in Southeast Asia—particularly Indonesia—exfiltrating over 4GB of sensitive documents related to Chinese railway projects; the zero-day exploit chain also affected MSPs in the Philippines, Laos, Canada, and the U.S., and organizations are urged to patch immediately.