South-East Asian Military Entities Targeted via cPanel (CVE-2026-41940)
ID: 68b7fa57-1a5c-5a73-8027-ebb293e873fb
STIX ID: report--68b7fa57-1a5c-5a73-8027-ebb293e873fb
Feed Name: Ctrl-Alt-Int3l
Ctrl-Alt-Intel discovered an active campaign that rapidly weaponised CVE-2026-41940 (a cPanel/WHM authentication bypass), using public PoCs to compromise internet-facing control panels, together with a separate custom SQLi-to-PostgreSQL RCE against an Indonesian defence portal. The operator used OpenVPN and Ligolo pivoting, AdaptixC2 and systemd-based persistence to access internal networks, and exfiltrated ~4.37GB of China railway-sector documents (110 files). The report provides numerous IOCs and MITRE ATT&CK mappings.
