Hackers are actively exploiting a bug in cPanel, used by millions of websites

Web hosts are scrambling to fix the bug under active attack by hackers. One company said hackers have been abusing the bug for months.
Morning Overview on MSN

More than 40,000 cPanel servers are being hijacked in an ongoing attack that hands hackers entire web-hosting fleets

Attackers are actively exploiting a vulnerability in cPanel, the web-hosting control panel used by millions of websites ...
The Hacker News

CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation

CISA added CVE-2026-54420 to KEV, requiring federal agencies to patch LiteSpeed cPanel root escalation by June 18, 2026.

Root attacks on Cisco Catalyst SD-WAN Manager and cPanel plugin LiteSpeed

Attackers are targeting Cisco Catalyst SD-WAN Manager and cPanel instances with the LiteSpeed plugin. However, attacks are ...
Searchenginejournal.com

cPanel Plugin Contains Log4j Vulnerability

The popular cPanel web hosting server control panel software recently issued a patch to fix a critical flaw in the log4j Java library discovered in part of the software used for email. The ...
SecurityWeek

Joomla, LiteSpeed Vulnerabilities Exploited in Attacks

Threat actors are exploiting vulnerabilities in Joomla and the LiteSpeed cPanel plugin for code execution and privilege ...
Hosted on MSN

CISA warns of active cPanel flaw exploitation ahead of June 12 deadline

Confirmed exploitation: CISA added CVE-2026-41940 to its Known Exploited Vulnerabilities list after confirming real-world attacks on vulnerable cPanel versions. Potential state actor: Private threat ...