Hackers are actively exploiting a bug in cPanel and WHM techcrunch.com 40 points by dotmanish 4 days ago
sikozu 4 days ago There must be so many (small) shared hosting companies that don't update their software, those poor customers.
ChrisArchitect 3 days ago A full breakdown of the vulnerability: https://labs.watchtowr.com/the-internet-is-falling-down-fall... sikozu 3 days ago Thanks for sharing, this is a great read!
dspillett 4 days ago With this (CVE-2026-41940) and copy.fail (CVE-2026-3143), it must be an exciting time in the shared hosting business right now… Glad I've been out of it for a long time.
jmclnx 3 days ago Luckily my site uses Plesk after moving away from cPanel years ago.I have to wonder if this issue is due to never reviewing auto-test scripts ?I know where I worked, testing is now an afterthought and half the time testing means no issues compiling and deploying :)We had a separate testing group and they caught lots of issues. But due to Agile, they were all fired years ago. cestith 3 days ago Plesk is a separate team owned by the same parent company.
aitchnyu 3 days ago Which are the safest control panels^ ? Been thinking about Hostineer which developed and dogfooded ApisCP over 20 years.[^] a product made for commercial operators stuffing thousands of PHP sites into a server, so no Coolify, Google Cloud Run.
There must be so many (small) shared hosting companies that don't update their software, those poor customers.
A full breakdown of the vulnerability: https://labs.watchtowr.com/the-internet-is-falling-down-fall...
Thanks for sharing, this is a great read!
With this (CVE-2026-41940) and copy.fail (CVE-2026-3143), it must be an exciting time in the shared hosting business right now… Glad I've been out of it for a long time.
Luckily my site uses Plesk after moving away from cPanel years ago.
I have to wonder if this issue is due to never reviewing auto-test scripts ?
I know where I worked, testing is now an afterthought and half the time testing means no issues compiling and deploying :)
We had a separate testing group and they caught lots of issues. But due to Agile, they were all fired years ago.
Plesk is a separate team owned by the same parent company.
Which are the safest control panels^ ? Been thinking about Hostineer which developed and dogfooded ApisCP over 20 years.
[^] a product made for commercial operators stuffing thousands of PHP sites into a server, so no Coolify, Google Cloud Run.