Hackers are mass-exploiting the cPanel bug to gain control of thousands of websites

Nearly a week after disclosure of a critical cPanel/WHM vulnerability (CVE-2026-41940), attackers have been mass-compromising servers — Shadowserver reports ~550,000 potentially vulnerable servers and roughly 2,000 likely compromised instances — with some sites showing ransomware messages; CISA added the flaw to its Known Exploited Vulnerabilities catalog and urged immediate patching.