{"vulnerability": "CVE-2026-41940", "sightings": [{"uuid": "e5e54ea2-5db3-4b9d-8f53-e44a78202e10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://infosec.exchange/users/dragonjar/statuses/116493321164201535", "content": "En las \u00faltimas 24 horas se han detectado vulnerabilidades cr\u00edticas que afectan sistemas Linux, cPanel, routers de Solana y Adobe Acrobat, exponiendo a usuarios a escalada de privilegios, suplantaci\u00f3n de autenticaci\u00f3n, robo de tokens y ejecuci\u00f3n remota de c\u00f3digo; adem\u00e1s, se reportan fallos en Cloudflare y un malware avanzado que amenaza sectores cient\u00edficos. Descubre estos y m\u00e1s detalles en el siguiente listado de noticias sobre seguridad inform\u00e1tica:\n\ud83d\uddde\ufe0f \u00daLTIMAS NOTICIAS EN SEGURIDAD INFORM\u00c1TICA \ud83d\udd12====| \ud83d\udd25 LO QUE DEBES SABER HOY \ufeff\ufeff30/04/26\ufeff\ufeff  \ud83d\udcc6 |==== \n\ud83d\udd12 COPY FAIL \u2014 732 BYTES TO ROOT\nSe ha descubierto una vulnerabilidad cr\u00edtica en Linux (CVE-2026-31431) que permite escalar privilegios a nivel root sin riesgo de condiciones de carrera ni necesidad de usar offsets. Esta falla evade las herramientas de integridad de archivos en disco y afecta incluso a entornos aislados como contenedores, representando un riesgo grave para la seguridad de sistemas Linux. Detectada por Xint Code, es esencial actualizar y proteger su infraestructura cuanto antes. Descubre m\u00e1s sobre esta vulnerabilidad y su impacto aqu\u00ed \ud83d\udc49 https://djar.co/3ckGrI\n\ud83c\udf10 LA INTERNET EST\u00c1 CAYENDO, CAYENDO, CAYENDO (CVE-2026-41940 EN CPANEL Y WHM)\nUna falla de suplantaci\u00f3n de autenticaci\u00f3n ha sido identificada en cPanel y WHM, dos herramientas clave para la gesti\u00f3n de hosting. 
Esta vulnerabilidad permite a atacantes no autenticados obtener sesiones de usuario, inclusive con privilegios de administrador root, mediante un bypass completo en la autenticaci\u00f3n. La amenaza compromete la seguridad de miles de servidores web, por lo que se recomienda aplicar los parches disponibles de inmediato. Inf\u00f3rmate sobre c\u00f3mo proteger tus sistemas aqu\u00ed \ud83d\udc49 https://djar.co/ScQtAV\n\ud83d\udd17 VULNERABILIDAD EN EL ROUTER DE SOLANA\nImportantes fallos de seguridad han sido detectados en el enrutador de la red Solana, facilitando el drenaje de cuentas de tokens y poniendo en riesgo la integridad de las transacciones financieras dentro de esta blockchain. Estas vulnerabilidades cr\u00edticas podr\u00edan comprometer fondos y confianza en la plataforma, por lo que es imprescindible que los usuarios y desarrolladores tomen medidas urgentes para mitigar estos riesgos. Detalles y recomendaciones aqu\u00ed \ud83d\udc49 https://djar.co/2clAA\n\ud83d\udcc4 TRES VULNERABILIDADES EN ADOBE ACROBAT QUE COMPROMETEN SEGURIDAD\nAdobe ha revelado tres vulnerabilidades cr\u00edticas (CVE-2026-34621, CVE-2026-34622, CVE-2026-34626) que permiten la ejecuci\u00f3n remota de c\u00f3digo y la filtraci\u00f3n de informaci\u00f3n mediante archivos PDF maliciosos. Estos fallos afectan versiones populares como Acrobat DC y Reader DC, poniendo en riesgo a millones de usuarios que manejan documentos digitales. Actualizar a la \u00faltima versi\u00f3n es fundamental para evitar intrusiones y p\u00e9rdidas de datos. 
Conoce los detalles y actualizaciones disponibles aqu\u00ed \ud83d\udc49 https://djar.co/Rvvu5\n\ud83c\udfdb\ufe0f LA ESTRATEGIA DEL CONGRESO CONTRA BLOQUEOS MASIVOS DE IP POR LALIGA\nEl Congreso ha aprobado una reforma a la Ley de Servicios Digitales para evitar bloqueos masivos de direcciones IP que afecten a p\u00e1ginas ajenas en procesos contra la pirater\u00eda, buscando un equilibrio entre la protecci\u00f3n de derechos y la seguridad en internet. Esta medida evita que resoluciones judiciales derriben sitios web de terceros y promueve un entorno digital m\u00e1s seguro y regulado. Entiende el alcance y las implicaciones de esta reforma aqu\u00ed \ud83d\udc49 https://djar.co/8dbV\n\u2601\ufe0f VULNERABILIDADES CR\u00cdTICAS EN LA IMPLEMENTACI\u00d3N DE CLOUDFLARE\nSe han reportado vulnerabilidades en los proxies de autorizaci\u00f3n y archivos PAC alojados por Cloudflare que afectan la gesti\u00f3n de pol\u00edticas de seguridad de identidad sin necesidad de clientes en dispositivos finales. Estas fallas, aunque t\u00e9cnicas, representan un avance en c\u00f3mo se protegen las redes y requieren atenci\u00f3n para evitar posibles explotaciones. Mantente informado sobre c\u00f3mo estas vulnerabilidades impactan la seguridad del entorno web aqu\u00ed \ud83d\udc49 https://djar.co/Y6uR\n\ud83d\udc1b DETECTANDO LA AMENAZA DEL MALWARE FAST16\nUn malware avanzado, posiblemente desarrollado o patrocinado por un estado, ha sido identificado causando sabotajes discretos mediante la manipulaci\u00f3n de programas matem\u00e1ticos y simulaciones f\u00edsicas. Esta amenaza tiene potencial para generar fallos graves, afectando sectores cient\u00edficos y tecnol\u00f3gicos sensibles. La detecci\u00f3n y respuesta temprana son claves para mitigar el da\u00f1o. 
Aprende c\u00f3mo proteger tus sistemas frente a Fast16 aqu\u00ed \ud83d\udc49 https://djar.co/CN8X", "creation_timestamp": "2026-04-30T11:03:37.420149Z"}, {"uuid": "7614c4a1-3285-4a01-bded-1d885bf9f552", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41940", "type": "seen", "source": "https://infosec.exchange/users/threatcodex/statuses/116489341894139134", "content": "The Internet Is Falling Down, Falling Down, Falling Down (cPanel &amp; WHM Authentication Bypass CVE-2026-41940)#CVE_2026_41940 https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/", "creation_timestamp": "2026-04-29T18:11:36.467062Z"}, {"uuid": "eaf25106-450e-4d54-bb8e-23ed3c986fbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mkniz3woo32i", "content": "CVE-2026-41940 - cPanel and WHM Authentication Bypass via Login Flow\nCVE ID : CVE-2026-41940\n \n Published : April 29, 2026, 3:10 p.m. 
| 1\u00a0hour, 6\u00a0minutes ago\n \n Description : cPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20, and ...", "creation_timestamp": "2026-04-29T16:21:40.697823Z"}, {"uuid": "a8b63cb0-0060-4ae6-b0ac-5b593304c27e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/infosecbot.bsky.social/post/3mknn2vjx232t", "content": "The Internet is falling down, falling down, falling down\n\nWelcome back to another disaster - this time, an Auth Bypass in cPanel/WHM, tracked as CVE-2026-41940\n\nEnjoy with us..\nhttps://t.co/bOzCP\u2026\n\n\ud83d\udd01 RT @watchtowrcyber | reposted by @HackingLZ\nhttps://x.com/watchtowrcyber/status/2049539206662287472", "creation_timestamp": "2026-04-29T17:34:16.475265Z"}, {"uuid": "1dec683f-44cc-478a-8b1f-b4939807278b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/r-netsec-bot.bsky.social/post/3mknmpy7lum23", "content": "The Internet Is Falling Down, Falling Down, Falling Down (cPanel &amp; WHM Authentication Bypass CVE-2026-41940) - watchTowr Labs", "creation_timestamp": "2026-04-29T17:28:10.593932Z"}, {"uuid": "f5946658-bf48-4048-8150-f783fb54a539", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://www.cert.se/2026/04/cert-se-veckobrev-v18.html", "content": "", "creation_timestamp": "2026-04-30T03:15:00.000000Z"}, {"uuid": "f2fdb640-7c76-44aa-a779-4c8b85a8f45a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41940", "type": "seen", "source": 
"https://cyber.gc.ca/en/alerts-advisories/cpanel-security-advisory-av26-404", "content": "", "creation_timestamp": "2026-04-30T11:04:58.000000Z"}, {"uuid": "49a469db-8114-4261-9d66-e914453efa9c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/r-netsec.bsky.social/post/3mkno75sbfu2n", "content": "The Internet Is Falling Down, Falling Down, Falling Down (cPanel &amp; WHM Authentication Bypass CVE-2026-41940) - watchTowr Labs", "creation_timestamp": "2026-04-29T17:54:33.053182Z"}, {"uuid": "9555fe9a-0917-4e02-9cf7-c0236a78a670", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mknpwtpkuh27", "content": "CVE-2026-41940: CRITICAL cPanel &amp; WHM Zero-Day Authentication Bypass\u2014Patch Now or Get Hacked! 
+\u00a0Video\n\nIntroduction A newly disclosed pre-authentication bypass vulnerability tracked as CVE-2026-41940 affects every supported version of cPanel &amp; WHM\u2014the control plane software managing an estimated 70\u2026", "creation_timestamp": "2026-04-29T18:25:41.966209Z"}, {"uuid": "d54bbf1e-1132-4265-8a50-618aafe65352", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://gist.github.com/sysbitnet/018ef5466be693a196ce063e820ed2bd", "content": "", "creation_timestamp": "2026-05-01T03:19:55.000000Z"}, {"uuid": "10637fcd-f834-46dd-8f59-958a73f7d6d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://www.acn.gov.it/portale/w/cpanel-whm-e-wp-squared-poc-pubblico-per-lo-sfruttamento-della-cve-2026-41940", "content": "", "creation_timestamp": "2026-04-30T10:04:50.000000Z"}, {"uuid": "559f1dd0-c37b-4776-b1a7-c51fc1adc923", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://t.me/GithubRedTeam/82088", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-41940-cpanel-0day\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Sachinart\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-04-29 17:55:24\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nCVE-2026-41940 latest cPanel &amp; WHM 0day - 70 million websites are possible to expose by Chirag Artani\n\n\ud83d\udd17 
\u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-04-29T18:00:05.000000Z"}, {"uuid": "f6dee184-3ae7-4cbe-a79e-23b4eb6a163e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://www.ncsc.nl/alerts/kritieke-kwetsbaarheid-in-cpanel-en-whm-producten", "content": "", "creation_timestamp": "2026-04-30T04:25:13.000000Z"}, {"uuid": "26098017-bdc2-4b1d-9ceb-2d3869d0351c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://www.cert.se/2026/04/kritisk-sarbarhet-i-cpanel.html", "content": "", "creation_timestamp": "2026-04-30T01:25:00.000000Z"}, {"uuid": "0ab0d51e-5b26-4c23-9943-416a35143320", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "confirmed", "source": "https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2026/CVE-2026-41940.yaml", "content": "", "creation_timestamp": "2026-04-29T23:29:13.000000Z"}, {"uuid": "c991a3a7-4eb4-4a9e-bd5c-ffcd99af62f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://gist.github.com/sobujbd/5799bc678ee6a3ac7a11208951a4672b", "content": "", "creation_timestamp": "2026-05-01T05:30:38.000000Z"}, {"uuid": "c0797bfd-cd20-4e52-af20-85658326c0c9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://ccb.belgium.be/advisories/warning-critical-authentication-bypass-cpanel-whm-patch-immediately", "content": "", "creation_timestamp": 
"2026-04-30T05:16:14.000000Z"}, {"uuid": "4bab7e32-8910-4850-8d51-424d112e970e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/eyalestrin.bsky.social/post/3mkrguvkrkl2b", "content": "Security: CVE-2026-41940 - cPanel &amp; WHM / WP2 Security Update 04/28/2026 #patchmanagement", "creation_timestamp": "2026-05-01T05:54:11.456461Z"}, {"uuid": "7bd7c62b-b097-49f8-b119-8a38d390c5e2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "Telegram/S9_bJQuqobtUpyDgfWW2iGM9Xgk76-rOb0sD9PuLrUOojQY", "content": "", "creation_timestamp": "2026-04-29T19:00:08.000000Z"}, {"uuid": "fe49d005-5419-4526-ab33-511a6fa03daf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-05-01)", "content": "", "creation_timestamp": "2026-05-01T00:00:00.000000Z"}, {"uuid": "12aac6ee-5bdb-490c-9280-e0d0d40ec8dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "Telegram/MurpDVre-4LCYzH5BvUtvVRvpJ9yqT35RKsHtthqDCH1oSA", "content": "", "creation_timestamp": "2026-05-03T03:00:05.000000Z"}, {"uuid": "7d167ad3-b3de-432f-add7-982aa676b4de", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "Telegram/3a2jD3gjNHncLnKc8fyr9DC3SGOgXMvvZ9Cx1ndl6893LxY", "content": "", "creation_timestamp": "2026-05-02T09:00:04.000000Z"}, {"uuid": 
"5ace46e2-01ff-4f2e-8982-c6055f866410", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41940", "type": "seen", "source": "https://bsky.app/profile/glitterbean.wehavecookies.social.ap.brid.gy/post/3mknt7uirh5c2", "content": "The Internet Is Falling Down, Falling Down, Falling Down (cPanel &amp; WHM Authentication Bypass CVE-2026-41940) https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/", "creation_timestamp": "2026-04-29T19:24:28.069316Z"}, {"uuid": "0602977a-7799-498c-b11b-8f9479c8097b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-05-02)", "content": "", "creation_timestamp": "2026-05-02T00:00:00.000000Z"}, {"uuid": "c7f4698d-91ab-48b8-98a6-3965a07fc6da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/rapid7.com/post/3mknxgkc5j22m", "content": "\ud83d\udea8 On 4/28/26, #cPanel issued a security update to fix a critical vuln. affecting its WHM and WP Squared products.\n\nWith a CVSS score of 9.8, CVE-2026-41940 allows unauth. 
remote attackers to bypass authentication &amp; gain administrative access to systems: r-7.co/4vZ0vgX", "creation_timestamp": "2026-04-29T20:39:46.059666Z"}, {"uuid": "06e703e1-dcfb-4c56-ac3d-718e69afee13", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://t.me/ctinow/249720", "content": "Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940\nhttps://ift.tt/iqZJnH6", "creation_timestamp": "2026-05-04T20:14:36.000000Z"}, {"uuid": "2a615a66-824d-4fdb-b9bc-9571a5cb9c48", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3mkof3aqhsg23", "content": "\u5b9f\u74b0\u5883\u3067\u306e\u60aa\u7528\u4e8b\u4f8b\uff1acPanel\u306eCVE-2026-41940\u8a8d\u8a3c\u30d0\u30a4\u30d1\u30b9\u306e\u30bc\u30ed\u30c7\u30a4\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u6982\u5ff5\u5b9f\u8a3c\uff08PoC\uff09\u304c\u516c\u958b\u3055\u308c\u307e\u3057\u305f \n\nExploited in the Wild: PoC Released for cPanel CVE-2026-41940 Authentication Bypass Zero-Day  #DailyCyberSecurity (Apr 29)\n\nsecurityonline.info/cpanel-authe...", "creation_timestamp": "2026-04-30T00:43:58.101476Z"}, {"uuid": "8c28cbb7-d9cb-4b89-816f-fa9c657e7cbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/warthogtk.bsky.social/post/3mknzbc4oyb2t", "content": "The Internet Is Falling Down, Falling Down, Falling Down (cPanel &amp; WHM Authentication Bypass CVE-2026-41940)\nlabs.watchtowr.com/the-internet...", "creation_timestamp": "2026-04-29T21:12:36.009350Z"}, {"uuid": "5aa31883-9dd1-4d8a-a564-655fefccf010", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://cyber.gc.ca/en/alerts-advisories/al26-008-vulnerability-affecting-cpanel-webhost-manager-whm-cve-2026-41940", "content": "", "creation_timestamp": "2026-04-29T11:21:48.000000Z"}, {"uuid": "4ad38e04-3929-4961-a78b-46d7375a6c03", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/ca-nb.bsky.social/post/3mkohock3452p", "content": "The Internet Is Falling Down, Falling Down, Falling Down (cPanel &amp; WHM Authentication Bypass CVE-2026-41940)\n\nhttps://www.newsbeep.com/ca/637520/\n\nHello! Yes, it\u2019s all a disaster again! Let\u2019s get this party started: No comments today, so imagine this:\u2026", "creation_timestamp": "2026-04-30T01:30:25.239300Z"}, {"uuid": "ac57f2cc-6966-4e6d-95c1-89e91af9db49", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41940", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116491067694066304", "content": "\ud83d\udea8 CRITICAL auth bypass in cPanel &amp; WHM (CVE-2026-41940, CVSS 9.3) lets unauthenticated attackers access the control panel. Patch not confirmed \u2014 restrict interface to trusted IPs &amp; monitor advisories. 
https://radar.offseq.com/threat/cve-2026-41940-cwe-306-missing-authentication-for--3aceec8f #OffSeq #cPanel #Vulnerability #Infosec", "creation_timestamp": "2026-04-30T01:30:30.761481Z"}, {"uuid": "df581542-06d8-4310-a033-9096bda15520", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41940", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mkohojd7sv2v", "content": "\ud83d\udea8 cPanel &amp; WHM CRITICAL auth bypass (CVE-2026-41940, CVSS 9.3) allows remote access to control panel. No patch yet \u2014 restrict access &amp; monitor advisories. https://radar.offseq.com/threat/cve-2026-41940-cwe-306-missing-authentication-for--3aceec8f #OffSeq #cPanel #Security", "creation_timestamp": "2026-04-30T01:30:32.856326Z"}, {"uuid": "fbaa13e8-5b05-4902-b0e6-57b4bc143e68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/us-nb.bsky.social/post/3mkoie6dlag2v", "content": "The Internet Is Falling Down, Falling Down, Falling Down (cPanel &amp; WHM Authentication Bypass CVE-2026-41940)\n\nhttps://www.newsbeep.com/us/614323/\n\nHello! Yes, it\u2019s all a disaster again! Let\u2019s get this party started: No comments today, so imagine this:\u2026", "creation_timestamp": "2026-04-30T01:42:39.040682Z"}, {"uuid": "744efe86-ab3c-441e-8342-2303437e15e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/cybersecurity.page/post/3mkosftfc4b2h", "content": "A critical vulnerability (CVE-2026-41940) in cPanel &amp; WHM's authentication mechanism poses a severe risk to internet infrastructure, allowing unauthorized access. 
Discovered by watchTowr Labs, this exploit could lead to widespread disruption if not addressed promptly.", "creation_timestamp": "2026-04-30T04:42:31.477150Z"}, {"uuid": "fbf8d84f-4a15-41e4-9459-1f21ba69a457", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mkobnj3vnm2n", "content": "\ud83d\udd34 CVE-2026-41940 - Critical (9.8)\n\ncPanel and WHM versions prior to 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.134.0.20,...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-41940/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-04-29T23:42:36.238816Z"}, {"uuid": "0d13d891-1a83-4293-a056-082691367d7f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/r-blueteamsec.bsky.social/post/3mkojuc7eq72b", "content": "The Internet Is Falling Down, Falling Down, Falling Down (cPanel &amp; WHM Authentication Bypass CVE-2026-41940) - watchTowr Labs", "creation_timestamp": "2026-04-30T02:09:33.115562Z"}, {"uuid": "5267ad88-f3c6-457e-95b8-b6d0d0375701", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/securelybuilt.bsky.social/post/3mkpiaa5c7k2b", "content": "Our software is a mix and match of 3rd parties, tools, and services that continue to expand the attack surface. 
If you need an example, CVE-2026-41940 was recently identified as a critical authentication bypass in cPanel &amp; WHM (and WP Squared), with a CVSS score of 9.8.", "creation_timestamp": "2026-04-30T11:13:08.231385Z"}, {"uuid": "048808f8-3f1d-4806-9310-b57d8377e2e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/abijita.bsky.social/post/3mkp4bmimf62s", "content": "Critical cPanel Flaw Lets Attackers Bypass Login, Patch\u00a0Urgently\n\nA critical security vulnerability tracked as CVE-2026-41940 has been discovered in most versions of cPanel and WebHost Manager (WHM), potentially allowing attackers to access hosting control panels without authentication.", "creation_timestamp": "2026-04-30T07:39:07.926561Z"}, {"uuid": "181aa858-4ae0-48a3-a3be-b104cbb98cef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/solomonneas.dev/post/3mkpkzvzq2f2b", "content": "\ud83d\udd34 cPanel/WHM auth bypass zero-day exploited\nCVE-2026-41940, CVSS 9.8. Patch and restrict WHM ports now.\n\n\ud83d\udd34 OpenClaw bootstrap pairing flaw\nCVSS 9.1 privilege escalation in pre-2026.3.22. Update older nodes.\n\nsolomonneas.dev/intel", "creation_timestamp": "2026-04-30T12:03:16.000797Z"}, {"uuid": "fa8580cc-1967-4ffa-b8ec-0ed8be344bf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/modat-io.bsky.social/post/3mkpo2rdn722b", "content": "\u203c\ufe0fCVE-2026-41940: cPanel &amp; WHM Authentication Bypass (CVSS 9.8 Critical)\u00a0\nA critical authentication bypass has been discovered in cPanel &amp; WHM. 
\n\nModat Magnify Query:\u00a0\n(technology=\"cPanel\" or web.html~\"/cPanel_magic_revision_\" or web.headers~\"whostmgrrelogin\") and tag!=honeypot", "creation_timestamp": "2026-04-30T12:57:28.913361Z"}, {"uuid": "e68b8382-aceb-436a-9694-42a3f8065154", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mkpoa7mpur2y", "content": "A critical authentication bypass vulnerability CVE-2026-41940 in cPanel, WHM, and WP Squared is actively exploited since Feb 2026. Patches released April 28; restarting cpsrvd and blocking ports recommended. #AuthBypass #WebHosting #USA", "creation_timestamp": "2026-04-30T13:00:28.150811Z"}, {"uuid": "e5bd0dd8-2dc4-4b4a-b5b7-9b48233e94ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/postac001.bsky.social/post/3mkppsz7auz25", "content": "cPanel/WHM\u306e\u8a8d\u8a3c\u30d0\u30a4\u30d1\u30b9\u8106\u5f31\u6027(CVE-2026-41940)\u304c\u30bc\u30ed\u30c7\u30a4\u653b\u6483\u3055\u308c\u30012\u6708\u4e0b\u65ec\u304b\u3089\u60aa\u7528\u3055\u308c\u3066\u3044\u308b\u3002", "creation_timestamp": "2026-04-30T13:28:52.830162Z"}, {"uuid": "88129477-397f-469e-bb04-8d4e140a9493", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/helpnetsecurity.com/post/3mkpqwtll7c2y", "content": "cPanel zero-day exploited for months before patch release (CVE-2026-41940)\n\n\ud83d\udcd6 Read more: www.helpnetsecurity.com/2026/04/30/c...\n\n#cybersecurity #cybersecuritynews #0day #cPanel #securityupdate #webhosting @labs.watchtowr.com.web.brid.gy @rapid7.com", 
"creation_timestamp": "2026-04-30T13:48:58.355311Z"}, {"uuid": "5cbd7a2b-9910-4381-b50c-395ec73f367e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mkpvmwy6yc2q", "content": "1/ \ud83d\udd12 cPanel CVE-2026-41940 (CVSS 9.8): Auth bypass on software managing 70M+ domains. No password needed. Already exploited as zero-day since February. Proof-of-concept is PUBLIC. Patch NOW.", "creation_timestamp": "2026-04-30T15:13:01.958774Z"}, {"uuid": "90beb57e-c235-47c4-aafa-6372eac0dda5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mkpvmwybw32q", "content": "1/ \ud83d\udd12 cPanel CVE-2026-41940 (CVSS 9.8): Auth bypass on software managing 70M+ domains. No password needed. Already exploited as zero-day since February. Proof-of-concept is PUBLIC. Patch NOW.", "creation_timestamp": "2026-04-30T15:13:07.417966Z"}, {"uuid": "dcf0cf12-8707-422d-8fdc-a478333eaf6e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mkpvmwy7xk2q", "content": "1/ \ud83d\udd12 cPanel CVE-2026-41940 (CVSS 9.8): Auth bypass on software managing 70M+ domains. No password needed. Already exploited as zero-day since February. Proof-of-concept is PUBLIC. 
Patch NOW.", "creation_timestamp": "2026-04-30T15:13:03.870835Z"}, {"uuid": "62f7f3ba-6dfd-4fcd-93f3-c939950265d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mkpvmwyetu2q", "content": "1/ \ud83d\udd12 cPanel CVE-2026-41940 (CVSS 9.8): Auth bypass on software managing 70M+ domains. No password needed. Already exploited as zero-day since February. Proof-of-concept is PUBLIC. Patch NOW.", "creation_timestamp": "2026-04-30T15:13:10.874241Z"}, {"uuid": "d1331d39-9d83-4b13-bda5-dda8fad598f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/securelybuilt.bsky.social/post/3mkpiabroxs2b", "content": "Our software is a mix and match of 3rd parties, tools, and services that continue to expand the attack surface. If you need an example, CVE-2026-41940 was recently identified as a critical authentication bypass in cPanel &amp; WHM (and WP Squared), with a CVSS score of 9.8.", "creation_timestamp": "2026-04-30T11:13:09.762478Z"}, {"uuid": "371ef667-5700-4dd6-bc22-e7aaa04d7dd6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/securelybuilt.bsky.social/post/3mkpiabrpx22b", "content": "Our software is a mix and match of 3rd parties, tools, and services that continue to expand the attack surface. 
If you need an example, CVE-2026-41940 was recently identified as a critical authentication bypass in cPanel &amp; WHM (and WP Squared), with a CVSS score of 9.8.", "creation_timestamp": "2026-04-30T11:13:10.326313Z"}, {"uuid": "43dece12-72cf-43b2-989b-cafe9ffb46f2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/securelybuilt.bsky.social/post/3mkpiabrpx32b", "content": "Our software is a mix and match of 3rd parties, tools, and services that continue to expand the attack surface. If you need an example, CVE-2026-41940 was recently identified as a critical authentication bypass in cPanel &amp; WHM (and WP Squared), with a CVSS score of 9.8.", "creation_timestamp": "2026-04-30T11:13:10.865075Z"}, {"uuid": "3c88395a-77b4-4e0d-89e3-14ed0337d60e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mkpvmwybw22q", "content": "1/ \ud83d\udd12 cPanel CVE-2026-41940 (CVSS 9.8): Auth bypass on software managing 70M+ domains. No password needed. Already exploited as zero-day since February. Proof-of-concept is PUBLIC. Patch NOW.", "creation_timestamp": "2026-04-30T15:13:05.554092Z"}, {"uuid": "cd34051b-5bc7-4a80-9c8d-f3e2a59a41b7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mkpvmwybw42q", "content": "1/ \ud83d\udd12 cPanel CVE-2026-41940 (CVSS 9.8): Auth bypass on software managing 70M+ domains. No password needed. Already exploited as zero-day since February. Proof-of-concept is PUBLIC. 
Patch NOW.", "creation_timestamp": "2026-04-30T15:13:09.083082Z"}, {"uuid": "459ba933-4d45-468a-b91b-d351c2b44eeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41940", "type": "seen", "source": "https://bsky.app/profile/ahmandonk.bsky.social/post/3mkpsjl7ay527", "content": "\ud83d\udcf0 Bug Kritis cPanel dan WHM Dieksploitasi Sebagai Zero-Day, PoC Kini Tersedia\n\n\ud83d\udc49 Baca artikel lengkap di sini: https://ahmandonk.com/2026/04/30/bug-kritis-cpanel-whm-dieksploitasi-sebagai-zero-day-poc-tersedia/\n\n#ahmandonkTechNews #beritaTeknologi #bypassAutentikasi #cpanel #cve-2026-41940 #ek", "creation_timestamp": "2026-04-30T14:17:17.045985Z"}, {"uuid": "df900337-6b96-4fa7-b0dc-fe0a50c539ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/securelybuilt.bsky.social/post/3mkpiabrpx42b", "content": "Our software is a mix and match of 3rd parties, tools, and services that continue to expand the attack surface. If you need an example, CVE-2026-41940 was recently identified as a critical authentication bypass in cPanel &amp; WHM (and WP Squared), with a CVSS score of 9.8.", "creation_timestamp": "2026-04-30T11:13:11.419179Z"}, {"uuid": "8ea1fe07-ff35-4f27-8064-9e3a718da670", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/securelybuilt.bsky.social/post/3mkpiabrqwe2b", "content": "Our software is a mix and match of 3rd parties, tools, and services that continue to expand the attack surface. 
If you need an example, CVE-2026-41940 was recently identified as a critical authentication bypass in cPanel &amp; WHM (and WP Squared), with a CVSS score of 9.8.", "creation_timestamp": "2026-04-30T11:13:11.977417Z"}, {"uuid": "99576e3f-e034-4223-8c4a-2d1314667b67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/blackhatnews.tokyo/post/3mkpidyacqh2w", "content": "\u91cd\u5927\u306acPanel\uff06WHM\u8106\u5f31\u6027\u304c\u6570\u304b\u6708\u9593\u30bc\u30ed\u30c7\u30a4\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u3068\u3057\u3066\u60aa\u7528\u3055\u308c\u308b\n\n\u30cf\u30c3\u30ab\u30fc\u306f\u6570\u304b\u6708\u9593\u3001cPanel\uff06WHM\uff08WebHost Manager\uff09\u30b5\u30fc\u30d0\u304a\u3088\u3073\u30b5\u30a4\u30c8\u7ba1\u7406\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\u306e\u91cd\u5927\u5ea6\u306e\u3042\u308b\u8a8d\u8a3c\u56de\u907f\u8106\u5f31\u6027\u3092\u60aa\u7528\u3057\u3066\u304d\u307e\u3057\u305f\u3002 CVE-2026-41940\uff08CVSS \u30b9\u30b3\u30a2 9.8\uff09\u3068\u3057\u3066\u8ffd\u8de1\u3055\u308c\u308b\u3053\u306e\u6b20\u9665\u306f4\u670828\u65e5\u306b\u516c\u958b\u3055\u308c\u3001cPanel\u306f\u3059\u3050\u3055\u307e\u30d1\u30c3\u30c1\u306e\u9069\u7528\u3092\u4fc3\u3057\u300111.40", "creation_timestamp": "2026-04-30T11:15:11.833788Z"}, {"uuid": "94833cc4-e19b-4eab-be26-a9072171dc00", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/bleepingcomputer.com/post/3mkpjrrbolm26", "content": "The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been leveraged in attempts since late February.", "creation_timestamp": "2026-04-30T11:40:48.686964Z"}, {"uuid": 
"955139d9-618c-4fdf-8b02-b1cca11ebd09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41940", "type": "seen", "source": "https://infosec.exchange/users/AAKL/statuses/116494699869475729", "content": "New.\n\"Hello! Yes, it's all a disaster again!\"\nWatch Tower: The Internet Is Falling Down, Falling Down, Falling Down (cPanel &amp; WHM Authentication Bypass CVE-2026-41940) https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/ #threatresearch \nAlso:\nTenable: Copy Fail (CVE-2026-31431): Frequently asked questions about Linux kernel privilege escalation vulnerability https://www.tenable.com/blog/copy-fail-cve-2026-31431-frequently-asked-questions-about-linux-kernel-privilege-escalation @tenable #Linux #infosec #vulnerability", "creation_timestamp": "2026-04-30T16:54:12.826841Z"}, {"uuid": "72f50720-d54d-4f38-9888-b9ee244bbd7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mkpvmwxrcs2q", "content": "1/ \ud83d\udd12 cPanel CVE-2026-41940 (CVSS 9.8): Auth bypass on software managing 70M+ domains. No password needed. Already exploited as zero-day since February. Proof-of-concept is PUBLIC. Patch NOW.", "creation_timestamp": "2026-04-30T15:12:54.977445Z"}, {"uuid": "5ba41802-d151-4041-a2bd-9e70735c525b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mkpvmwy33c2q", "content": "1/ \ud83d\udd12 cPanel CVE-2026-41940 (CVSS 9.8): Auth bypass on software managing 70M+ domains. No password needed. 
Already exploited as zero-day since February. Proof-of-concept is PUBLIC. Patch NOW.", "creation_timestamp": "2026-04-30T15:12:56.750588Z"}, {"uuid": "0e5d8abd-efa1-4a7c-af54-92d75a5efac6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mkpvmwy42k2q", "content": "1/ \ud83d\udd12 cPanel CVE-2026-41940 (CVSS 9.8): Auth bypass on software managing 70M+ domains. No password needed. Already exploited as zero-day since February. Proof-of-concept is PUBLIC. Patch NOW.", "creation_timestamp": "2026-04-30T15:12:58.611493Z"}, {"uuid": "73f5db90-a609-49d8-8998-be57650eb369", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41940", "type": "seen", "source": "https://infosec.exchange/users/barubary/statuses/116493159897647567", "content": "RE: https://social.bund.de/@certbund/116492931513061962\nhttps://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/\n#cPanel #exploit", "creation_timestamp": "2026-04-30T16:05:55.285612Z"}, {"uuid": "9d37919c-464f-4913-9cea-307262a1d351", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116494595184300250", "content": "Attention, elevated activities detected targeting cPanel and WHM (CVE-2026-41940) https://vuldb.com/vuln/360168/cti", "creation_timestamp": "2026-04-30T16:27:35.499473Z"}, {"uuid": "c5fc3a80-c16c-4477-bfb3-189820cf50e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", 
"source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mkpvmwy4zs2q", "content": "1/ \ud83d\udd12 cPanel CVE-2026-41940 (CVSS 9.8): Auth bypass on software managing 70M+ domains. No password needed. Already exploited as zero-day since February. Proof-of-concept is PUBLIC. Patch NOW.", "creation_timestamp": "2026-04-30T15:13:00.329056Z"}, {"uuid": "8ddac02d-6613-4bd9-bf4d-d5e88271a4e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/6379718", "content": "2026-04-30: [CVE-2026-41940] WebPros cPanel &amp; WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function VulnerabilityWebPros cPanel &amp; WHM (WebHost Manager) and WP2 (WordPress Squared) contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthorized access to the control panel.\ncisakev", "creation_timestamp": "2026-04-30T16:54:52.291970Z"}, {"uuid": "ec3e65ea-061d-4cbf-8057-e36ba4855a7b", "vulnerability_lookup_origin": "405284c2-e461-4670-8979-7fd2c9755a60", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2026-41940", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/494e7521-f818-4040-8b8d-ac9818d42390", "content": "", "creation_timestamp": "2026-04-30T17:00:02.004086Z"}, {"uuid": "f2a624cc-f110-4084-950a-4fdfdd60a6bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/r-netsec.bsky.social/post/3mkq45mqhco2v", "content": "High Fidelity Check for the cPanel Authentication Bypass (CVE-2026-41940)", "creation_timestamp": "2026-04-30T17:09:33.151019Z"}, {"uuid": "87372199-48be-4b5b-918d-dab2bb3b2125", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/zettawire.com/post/3mkq5ix5ade2h", "content": "\ud83d\udea8 ALERT: CISA adds critical WebPros cPanel and WHM authentication vulnerability CVE-2026-41940 to its Known Exploited Vulnerabilities Catalog. The agency urges users to review the catalog for mitigation details. #Cybersecurity #CISA", "creation_timestamp": "2026-04-30T17:33:47.394273Z"}, {"uuid": "e704cf74-bb39-4302-9c6d-8f3ff617c8bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/bitsight.bsky.social/post/3mkqenm6vu42i", "content": "Critical. Exploited. No credentials needed.\n\nCVE-2026-41940 puts cPanel &amp; WHM environments at risk of full compromise. Most teams lack visibility into exposed assets\u2014Bitsight helps close that gap. 
\ud83d\udc49 Learn more: https://ow.ly/xY4c50YSTc2 \n\n#Cybersecurity #BitsightAdvisory\n", "creation_timestamp": "2026-04-30T19:41:40.337526Z"}, {"uuid": "c9e6667e-597c-4b6d-a9ed-0eea3b127d34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/cyberwarriorsme.bsky.social/post/3mkqet3nkq52g", "content": "CVE-2026-41940: Critical cPanel Authentication Bypass Risks Hosting Security", "creation_timestamp": "2026-04-30T19:44:43.864308Z"}, {"uuid": "9face629-45ea-4800-9140-96a2f3f92b45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mkqfinmhdfn2", "content": "CVE-2026-41940: Critical cPanel Authentication Bypass Risks Hosting Security CVE-2026-41940: Critical cPanel Authentication Bypass Risks Hosting Security A newly identified security vulnerability, ...\n\n#Dark #Watch #dark #web #Data #Leaks #Extortion #threat #actors\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-30T19:56:53.005860Z"}, {"uuid": "adea238a-b2e3-4873-97f2-3fe5f0fb777b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/pigondrugs.bsky.social/post/3mkqfr3fvi426", "content": "~Cisa~\nCISA added a cPanel &amp; WHM missing authentication flaw to the KEV catalog due to active exploitation.\n-\nIOCs: CVE-2026-41940\n-\n#CVE202641940 #ThreatIntel #cPanel", "creation_timestamp": "2026-04-30T20:01:30.140353Z"}, {"uuid": "28f8ddfa-cfdc-4210-bd66-758a35fab98c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/censys.bsky.social/post/3mkqa3jjy6l25", "content": "\ud83d\udea8 CVE-2026-41940 (9.8)\n\nPre-auth bypass allows remote admin access (cPanel/WHM). Patch now. \n\n\u25b6\ufe0f Full advisory: https://bit.ly/48xsquo", "creation_timestamp": "2026-04-30T18:19:58.875240Z"}, {"uuid": "161973e0-b70b-4593-8680-13220e8f8f56", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/r-blueteamsec.bsky.social/post/3mkqadytexi22", "content": "Security: CVE-2026-41940 - cPanel &amp; WHM / WP2 Security Update 04/28/2026", "creation_timestamp": "2026-04-30T18:24:42.334246Z"}, {"uuid": "971d319f-7dd3-4bb9-9c47-8c8a482dd873", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sinologic.net/post/3mkqghjompu2j", "content": "CVE-2026-41940: bypass de autenticaci\u00f3n en cPanel explotado como zero-day\n\nNo hace ni 1 hora que hemos publicado el art\u00edculo sobre la\u00a0vulnerabilidad Copy-Fail que afecta a los kernels de linux ant\u2026\n\n#autenticacion #bypass #cPanel #CVE #hosting #Seguridad #vulnerabilidad #watchTowr #WHM #zeroday", "creation_timestamp": "2026-04-30T20:14:09.248883Z"}, {"uuid": "aeed0346-0066-4683-ac23-2706fd3cec35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/htt.pt/post/3mkqh4hto642z", "content": "\ud83d\udea8 Alerta cPanel: Falha de seguran\u00e7a cr\u00edtica (CVE-2026-41940) em instala\u00e7\u00f5es desatualizadas. Atualize o WHM imediatamente para evitar riscos! 
A sua plataforma est\u00e1 protegida? Garanta a seguran\u00e7a do seu projeto com o alojamento da Host TugaTech: https://host.tugatech.com.pt/", "creation_timestamp": "2026-04-30T20:25:52.283358Z"}, {"uuid": "ba2c2fea-1877-42e3-951c-ecb7d19ed683", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/canartuc.com/post/3mkqbs62e6w2m", "content": "cPanel shipped an emergency patch Tuesday for CVE-2026-41940, CVSS 9.8, exploited in the wild. The daemon writes the session file to disk, then checks the password. Pre-auth file writes are a pattern in hosting panels, not an edge case. I have seen this fail audit before.\n\n#CyberSecurity #InfoSec", "creation_timestamp": "2026-04-30T18:50:35.972760Z"}, {"uuid": "cec42124-3d29-4b40-856e-d6259ebc86d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mkqchc4hniz2", "content": "Critical Vulnerability Alert: CVE-2026-41940 in cPanel, WHM, and WP Squared A critical vulnerability, CVE-2026-41940, affecting cPanel, WHM, and WP Squared, is being actively exploited. Read more f...\n\n\nOrigin | Interest | Match", "creation_timestamp": "2026-04-30T19:02:32.708388Z"}, {"uuid": "7d4234e1-864c-497e-bceb-53e16c66894d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mkqjggvi4f2w", "content": "\ud83d\udccc CVE-2026-41940 - cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to g... 
https://www.cyberhub.blog/cves/CVE-2026-41940", "creation_timestamp": "2026-04-30T21:07:07.863082Z"}, {"uuid": "f5eabe76-d7b5-457e-bdc6-abda15eaab4f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/francejeunes.bsky.social/post/3mkqirt5qdo2i", "content": "Faille cPanel CVE-2026-41940 : votre site web est-il expos\u00e9 ?\n\n\u2753 Qu'est-ce que la faille cPanel CVE-2026-41940 ?\n\u2753 Quels sont les risques d'une intrusion root sur WHM ?\n\u2753 Qui doit mettre \u00e0 jour cPanel contre la CVE-2026-41940 ?\n\n#cpanel #exploits #wordpress", "creation_timestamp": "2026-04-30T20:55:36.674210Z"}, {"uuid": "4588d6ac-712e-4023-8a8c-bac018c94938", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/codeteacher.bsky.social/post/3mkqirsemj22o", "content": "#TeamCompSci Re-posting this in case anyone is using cpanel, a vulnerability officially tracked as CVE-2026-41940, allows malicious hackers to remotely bypass its login screen to gain full access to the software\u2019s administration panel. 
\n\ntechcrunch.com/2026/04/30/h...", "creation_timestamp": "2026-04-30T20:55:37.516224Z"}, {"uuid": "b663ae43-19cd-46cd-9cbf-d39fb28f91c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/niztal.bsky.social/post/3mkqmmmrhcv2y", "content": "\ud83d\udd75\ufe0f High Fidelity Check for the cPanel Authentication Bypass (CVE-2026-41940)\n\nsubmitted by /u/Mempodipper\u2026\n#EthicalHacking #PenTest #BugBounty\nTechnical Information Security \u00b7 https://www.reddit.com/r/netsec/comments/1szqnax/high_fidelity_check_for_the_cpanel_authentication/", "creation_timestamp": "2026-04-30T22:04:17.346712Z"}, {"uuid": "219c411d-bee1-443c-ba2c-1703683674ed", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/potato.software/post/3mkqjghwsdu2t", "content": "\ud83d\udccc CVE-2026-41940 - cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to g... https://www.potatohub.blog/cves/CVE-2026-41940", "creation_timestamp": "2026-04-30T21:07:08.733126Z"}, {"uuid": "2466a793-1f66-4732-9848-aadf0017afee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3mkqlkv5xgv2d", "content": "A critical zero-day in cPanel (CVE-2026-41940) has been exploited for months, allowing unauthenticated attackers to gain admin access by manipulating whostmgrsession cookies. Patch released April 28. 
#cPanel #AuthBypass #USA", "creation_timestamp": "2026-04-30T21:45:25.375850Z"}, {"uuid": "73a16cca-ef28-4f97-a335-a63b6f5f87a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/philpem.digipres.club.ap.brid.gy/post/3mkqnyqykjty2", "content": "@CursedSilicon\nCVE-2026-41940. Pwned for weeks before it was noticed.\nhttps://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026", "creation_timestamp": "2026-04-30T22:29:01.586476Z"}, {"uuid": "c8265d68-3531-465d-ad14-ad2befdde32c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://t.me/GithubRedTeam/82260", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a cPanel-CVE-2026-41940-Scanner\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a merdw\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 1  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-01 02:00:00\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nAdvanced cPanel &amp; WHM Security Scanner for CVE-2026-41940. 
with mass Shodan discovery\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-01T02:00:04.000000Z"}, {"uuid": "a285dc5d-e676-4f4a-a19d-e4e4e8977ff2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/hn100.bsky.social/post/3mkqt3plwd72s", "content": "The Internet Is Falling Down- CPanel/WHM Authentication Bypass CVE-2026-41940\n\nDiscussion", "creation_timestamp": "2026-05-01T00:00:05.950977Z"}, {"uuid": "aaf451f6-2959-45bb-9f31-bf20709b7b32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41940", "type": "seen", "source": "https://bsky.app/profile/hnws.bsky.social/post/3mkqt5shtpn2u", "content": "The Internet Is Falling Down- CPanel/WHM Authentication Bypass CVE-2026-\u2026\nL: https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/\nC: https://news.ycombinator.com/item?id=47969288\nposted on 2026.04.30 at 18:48:51 (c=0, p=3)", "creation_timestamp": "2026-05-01T00:01:16.591431Z"}, {"uuid": "f02be6f5-9246-4ab9-a088-b48f780fbc83", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/news.karthihegde.dev/post/3mkqt6cq2552w", "content": "The Internet Is Falling Down- CPanel/WHM Authentication Bypass CVE-2026-41940\nDiscussion | hackernews | Author: zikani_03", "creation_timestamp": "2026-05-01T00:01:32.969000Z"}, {"uuid": "06d92c29-d109-49db-a705-136bcfb5a048", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": 
"https://bsky.app/profile/rankednews.bsky.social/post/3mkqtkni4f42g", "content": "Hackers are actively exploiting a bug in cPanel, used by millions of websites: A critical vulnerability, identified as CVE-2026-41940, has been discovered in cPanel and WebHost Manager (WHM), widely used server management software impacting tens of millions of website\u2026 https://ranked.news/742541?u=b", "creation_timestamp": "2026-05-01T00:08:28.154556Z"}, {"uuid": "883a48c9-af99-4e04-adbe-cadda86eb937", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41940", "type": "seen", "source": "https://bsky.app/profile/hnbot.gsuscs.xyz/post/3mkqwipb4bs25", "content": "The Internet Is Falling Down- CPanel/WHM Authentication Bypass CVE-2026-41940\n\nhttps://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/", "creation_timestamp": "2026-05-01T01:01:02.322186Z"}, {"uuid": "0004e853-c9bd-436f-b8f9-a07f694bd7b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/hackernewsbot.bsky.social/post/3mkqxkqrrxr2b", "content": "The Internet Is Falling Down- CPanel/WHM Authentication Bypass CVE-2026-41940 | Discussion", "creation_timestamp": "2026-05-01T01:20:05.375092Z"}, {"uuid": "814ac1b9-2d74-47b9-9ea7-9e4a25e7fb2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41940", "type": "seen", "source": "https://bsky.app/profile/betterhn20.e-work.xyz/post/3mkqyjipa7b2y", "content": "The Internet Is Falling Down- CPanel/WHM Authentication Bypass CVE-2026-41940 
https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/ (https://news.ycombinator.com/item?id=47969288)", "creation_timestamp": "2026-05-01T01:37:16.981984Z"}, {"uuid": "f80ab45f-b655-4bf6-9e86-b1c6520fc4f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/seanteronews.bsky.social/post/3mkqzilt5wa2g", "content": "Kerentanan Kritis cPanel Terdeteksi: Puluhan Juta Situs Web\u00a0Terancam\n\nPeneliti temukan celah keamanan kritis CVE-2026-41940 pada cPanel dan WHM yang memungkinkan hacker mengambil alih kendali penuh server web. Segera lakukan patch!", "creation_timestamp": "2026-05-01T01:54:40.470793Z"}, {"uuid": "20a1adc8-88a2-4165-8a29-3774fa5fa0a7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3mkqzlv5ukcvh", "content": "CVE-2026-41940 WebPros cPanel &amp; WHM and WP2 (WordPress Squared) Missing Authentication for Critical Function Vulnerability", "creation_timestamp": "2026-05-01T01:56:54.223733Z"}, {"uuid": "996a74e7-8006-4dbc-a625-89bce665249b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/webradiomexfm.bsky.social/post/3mkr25kykdk25", "content": "Vulnerabilidade Cr\u00edtica no cPanel Permite Ataques a Milh\u00f5es de Sites\n\nA falha CVE-2026-41940 permite que hackers burlem a tela de login e assumam o controle total dos servidores afetados.\n\nhttps://mexnews.online/l/zxtOyU\n\n#mexfm #mexnews #webradiomexfm #brasil #noticias #musica", "creation_timestamp": "2026-05-01T02:06:24.777266Z"}, 
{"uuid": "2682823d-f00d-42a4-a8cf-dad7405b3bc1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mkr3im64kw25", "content": "Top 3 CVE for last 7 days:\nCVE-2026-31431: 213 interactions\nCVE-2026-3854: 53 interactions\nCVE-2026-41940: 32 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-31431: 160 interactions\nCVE-2026-41940: 31 interactions\nCVE-2025-31431: 29 interactions\n", "creation_timestamp": "2026-05-01T02:30:28.093492Z"}, {"uuid": "fdb3ad33-2553-4217-9e46-2ec1ee51a745", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/opsmatters.com/post/3mkrbw4vist2g", "content": "The latest update for #ArcticWolf includes \"CVE-2026-41940: Critical Exploited Authentication Bypass Vulnerability in cPanel &amp; WHM\" and \"Vulnerability Prioritization Requires More Than a Score\".\n \n#cybersecurity #infosec #networks https://opsmtrs.com/2ZFbaTl", "creation_timestamp": "2026-05-01T04:25:24.133184Z"}, {"uuid": "1d1dd850-ae91-4db5-ab3f-ba8bc094502a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/opsmatters.com/post/3mkrbzvgjz62r", "content": "The latest update for #BitSight includes \"Critical Vulnerability Alert: CVE-2026-41940 in cPanel, WHM, and WP Squared\" and \"How to Use the MITRE ATT&amp;CK Framework as a Shared Language for SOC, CTI, GRC, and Leadership\".\n \n#Cybersecurity #RiskManagement https://opsmtrs.com/43KoF0t", "creation_timestamp": "2026-05-01T04:27:30.233329Z"}, {"uuid": "701da368-9ed3-4a4a-88ea-4be7ba31b192", "vulnerability_lookup_origin": 
"1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/hackernewsrobot.bsky.social/post/3mkrdzotwub2l", "content": "CPanel and WHM Authentication Bypass \u2013 CVE-2026-41940", "creation_timestamp": "2026-05-01T05:03:15.336487Z"}, {"uuid": "9ed7e36f-c2c3-4424-9dc2-6f2a54a08022", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/termsofsurrender.bsky.social/post/3mkr5acyxwb2c", "content": "Another Critical Vulnerability Explodes; Prague's Response Time Defies All Conceptions of Urgency.\nPANIC 85% | Lag 17.13h | CVE-2026-41940 is a known vulnerability affecting cPanel and WHM components, representing a severe w\n#AfterShockIndex\nREAD MORE", "creation_timestamp": "2026-05-01T03:01:37.206777Z"}, {"uuid": "01a32623-e793-4a29-97be-82bfa538b59f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/shiojiri.com/post/3mkrgyhst6svh", "content": "cPanel\u306e\u91cd\u5927\u306a\u8106\u5f31\u6027\u30012\u6708\u4e0b\u65ec\u304b\u3089\u30bc\u30ed\u30c7\u30a4\u653b\u6483\u3067\u60aa\u7528\u3055\u308c\u308b\uff08CVE-2026-41940\uff09 | Codebook\uff5cSecurity News https://codebook.machinarecord.com/threatreport/silobreaker-cyber-alert/45438/", "creation_timestamp": "2026-05-01T05:56:36.005078Z"}, {"uuid": "58abc2b9-ac84-4216-ab91-6730f8d42ad2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41940", "type": "seen", "source": "https://bsky.app/profile/betterhn50.e-work.xyz/post/3mkr5kfbtmo26", "content": "CPanel and WHM Authentication Bypass \u2013 
CVE-2026-41940 https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/ (https://news.ycombinator.com/item?id=47969288)", "creation_timestamp": "2026-05-01T03:07:15.785634Z"}, {"uuid": "82828909-a647-4c2a-8356-10e2781781ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41940", "type": "seen", "source": "https://bsky.app/profile/darknetsearch.bsky.social/post/3mkrpovpy7k2q", "content": "\ud83d\udea8Darknetsearch.com NEW POST:\n\n\ud83c\udf10https://darknetsearch.com/knowledge/news/en/known-exploited-vulnerability-cpanel-cve-2026-41940/\n\n#Cybersecurity #DataBreach #InfoSecurity #PrivacyProtection #CyberThreats #RiskManagement #DarkWebMonitoring #DataProtection #CyberAwareness #HackerNews\n\nAsk for a DEMO.\ud83d\udcf9", "creation_timestamp": "2026-05-01T08:31:56.446070Z"}, {"uuid": "d803dca3-f068-4f3a-b16e-bd0f5468306c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mkrqdums622g", "content": "Critical cPanel and WHM bug exploited as a zero-day, PoC now available\n\nThe critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been leveraged in attempts since late February. 
[...]\n#hackernews #news", "creation_timestamp": "2026-05-01T08:43:38.294033Z"}, {"uuid": "78bfc401-15d2-4a54-bb90-7e5a82be3b84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://t.me/GithubRedTeam/82293", "content": "\ud83d\udea8 GitHub monitoring alert\n\n\ud83d\udea8 Keyword found: #CVE-2026\n\n\ud83d\udce6 Project name: cpanel-cve-2026-41940\n\ud83d\udc64 Project author: mahfuzreham\n\ud83d\udee0 Language: Shell\n\u2b50 Stars: 0  |  \ud83c\udf74 Forks: 0\n\ud83d\udcc5 Updated: 2026-05-01 07:53:51\n\n\ud83d\udcdd Project description:\ncPanel CVE-2026-41940 nuclear.x86 Security Audit & Cleanup Script\n\n\ud83d\udd17 Click to visit the project URL", "creation_timestamp": "2026-05-01T08:00:04.000000Z"}, {"uuid": "065b28c7-5f0c-4a24-96d9-3665806eed23", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41940", "type": "seen", "source": "https://bsky.app/profile/hn100.atproto.rocks/post/3mkrrbznzgl2v", "content": "CPanel and WHM Authentication Bypass \u2013 CVE-2026-41940\nhttps://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/\n\nhttps://news.ycombinator.com/item?id=47969288", "creation_timestamp": "2026-05-01T09:00:30.496100Z"}, {"uuid": "95f16dc5-757c-48eb-8eae-ea3a681cdbbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/infosecbot.bsky.social/post/3mkrrfaqv7y2o", "content": "cPanel ... anyone? 
\nCVE-2026-41940 Auth Bypass CVSS Score 9.8\n\n\"cPanel and WHM versions after 11.40 contain an authentication bypass vulnerability in the login flow that allows unauthenticated remote attackers to gain unauthoriz\u2026\n\n\u2014 from @cyb3rops (https://x.com/cyb3rops/status/2050133447734079517)", "creation_timestamp": "2026-05-01T09:02:17.790448Z"}, {"uuid": "85217002-6d3e-46ab-8e6c-ccf2d6d542da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/ransomnews.online/post/3mkrrvzcgxq2a", "content": "\ud83d\udea8 cPanel 0day hit 1.5 million exposed hosts\n\nCVE-2026-41940 has been exploited since at least February and lets attackers bypass authentication on #cPanel, WHM and WP Squared, with Namecheap blocking ports 2083 and 2087 before patches landed.\n\n\ud83d\udd17 read more: www.bleepingcomputer.com/news/securit...", "creation_timestamp": "2026-05-01T09:11:41.499856Z"}, {"uuid": "7b2d071b-ea2c-487b-9025-e2568ea818d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/hn-frontpage-bot.bsky.social/post/3mkrsebalic2a", "content": "A critical authentication bypass (CVE-2026-41940) affecting all cPanel & WHM versions has been exploited as a zero-day. The vulnerability allows attackers to inject session data via CRLF, bypassing authentication. 
Patches are available, and a detection tool has been released.", "creation_timestamp": "2026-05-01T09:19:38.619395Z"}, {"uuid": "12596651-e209-4f26-8fe7-4516e7e0469c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/kaldata.bsky.social/post/3mkrskrsucm25", "content": "Hackers are actively exploiting the critical vulnerability CVE-2026-41940 in cPanel and WebHost Manager (WHM) - server software for web hosting management that is used by tens of millions of website owners around the world...", "creation_timestamp": "2026-05-01T09:23:17.465260Z"}, {"uuid": "3dd4ce06-da6f-4089-9998-b8eb917a3252", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/ytroncal.bsky.social/post/3mkrtk4i6zk2h", "content": "The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940) labs.watchtowr.com/the-internet...", "creation_timestamp": "2026-05-01T09:40:50.410102Z"}, {"uuid": 
"18d1375c-f44d-42a1-937f-5c5bfee5c356", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/channeltech.bsky.social/post/3mkrtr2itns2z", "content": "A vulnerability, CVE-2026-41940, has been found in cPanel and WHM: it allows bypassing authorization and gaining full access to the server. The Canadian cybersecurity agency rates the likelihood of exploitation as \"very high\" and calls for immediate patching.  
channeltech.space/services/cpa...", "creation_timestamp": "2026-05-01T09:44:43.833404Z"}, {"uuid": "61412df7-8f7b-4642-bb2f-1e2bad1460da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41940", "type": "seen", "source": "https://infosec.exchange/users/decio/statuses/116497867082818457", "content": "\u26a0\ufe0f If you administer, or know someone who administers, one or more hosting environments with cPanel & WHM, take note: the critical vulnerability CVE-2026-41940  ( https://vulnerability.circl.lu/vuln/CVE-2026-41940 ) allows a remote attacker to bypass authentication and obtain administrator access without credentials. Exploitation takes place through the exposed HTTPS interfaces, with no user interaction, which makes it an immediate risk for servers reachable from the Internet.\nThis type of flaw is particularly sought after by cybercriminals and by certain APTs in Russia's orbit: takeover of hosting environments, deployment of webshells, domain hijacking, DNS/mail modification, data theft or pivoting to other systems. 
\nFix as a priority: apply the patched versions, restrict access to cPanel/WHM via VPN or IP allowlist, and check the access logs.\n\ud83e\ude79 \ud83d\udc47 https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026\n\ud83d\udd0d \ud83d\udc47 https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/\n\u2b07\ufe0f https://www.rapid7.com/blog/post/etr-cve-2026-41940-cpanel-whm-authentication-bypass/\n\ud83d\udcac \u2b07\ufe0f https://infosec.pub/post/45774673\n#CyberVeille #cpanel #CVE_2026_41940", "creation_timestamp": "2026-05-01T06:19:40.588601Z"}, {"uuid": "cebcbec1-66f7-4cdc-8652-337290e967f5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://infosec.exchange/users/vuldb/statuses/116497957230756308", "content": "Attention, elevated activities detected targeting cPanel and WHM (CVE-2026-41940) https://vuldb.com/vuln/360168/cti", "creation_timestamp": "2026-05-01T06:42:35.990419Z"}, {"uuid": "89d657ab-fc22-4f55-a682-3dc1bafb08bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-04-30)", "content": "", "creation_timestamp": "2026-04-30T00:00:00.000000Z"}, {"uuid": "8b84f237-6e43-4cfc-81d0-a9f6752bd1aa", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/mm-ilsoftware-bot.bsky.social/post/3mkrunjzu662y", "content": "cPanel, critical authentication bypass: websites at 
risk\nCVE-2026-41940: critical bug in cPanel allows login bypass and remote root access. Technical details...\nhttps://www.ilsoftware.it/cpanel-bypass-critico-dellautenticazione-siti-web-a-rischio/", "creation_timestamp": "2026-05-01T10:00:37.030410Z"}, {"uuid": "349551a4-db20-45e0-bf18-35df339638d1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/newsycombinatorbot.bsky.social/post/3mkrkt3u6622r", "content": "CPanel and WHM Authentication Bypass \u2013 CVE-2026-41940 (labs.watchtowr.com)\n\nDiscussion | Main Link", "creation_timestamp": "2026-05-01T07:04:46.153125Z"}, {"uuid": "17347733-bfef-4a92-bfdc-5562dca88fc9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-04-30)", "content": "", "creation_timestamp": "2026-04-30T00:00:00.000000Z"}, {"uuid": "2fbeaa68-4267-4d92-a38d-14cfc8e3cbae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mks6py2twc2g", "content": "cPanel zero-day exploited for months before patch release (CVE-2026-41940)\n\nA critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, a popular web-based control panel for managing web hosting accounts, is being exploited by attackers in the wild. 
What\u2019s more, att\u2026\n#hackernews #news", "creation_timestamp": "2026-05-01T13:00:56.984200Z"}, {"uuid": "2db4f0dc-2bac-4caf-897f-031db874ad44", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/365tipu.cz/post/3mks6qp6kss2b", "content": "Security researchers warn of a vulnerability in cPanel and WHM (CVE-2026-41940) that allows hackers to gain full access to servers. techcrunch.com/2026/...\n___________________\n\ud83d\udce9 Subscribe 365tipu.substack.com/", "creation_timestamp": "2026-05-01T13:01:20.724719Z"}, {"uuid": "964b74ba-7bb7-445e-9bcd-1036deefd5af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/shadowserver.bsky.social/post/3mksb7b5qfc2u", "content": "Attention! cPanel/WHM CVE-2026-41940 attacks ongoing, with at least 44K IPs likely compromised & seen scanning our honeypots on 2026-04-30. Follow latest guidance to track for compromise & patch: support.cpanel.net/hc/en-us/art... \n\nPublic Dashboard stats: dashboard.shadowserver.org/statistics/h...", "creation_timestamp": "2026-05-01T13:45:23.480190Z"}, {"uuid": "6983a82b-d819-4c35-965a-c1e19bfb14ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/shadowserver.bsky.social/post/3mksb7egfys2u", "content": "Attention! cPanel/WHM CVE-2026-41940 attacks ongoing, with at least 44K IPs likely compromised & seen scanning our honeypots on 2026-04-30. 
Follow latest guidance to track for compromise & patch: support.cpanel.net/hc/en-us/art... \n\nPublic Dashboard stats: dashboard.shadowserver.org/statistics/h...", "creation_timestamp": "2026-05-01T13:45:24.077231Z"}, {"uuid": "353b5963-9e0d-478a-84c4-53839e94fa41", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/shadowserver.bsky.social/post/3mksb7gtwhs2u", "content": "Attention! cPanel/WHM CVE-2026-41940 attacks ongoing, with at least 44K IPs likely compromised & seen scanning our honeypots on 2026-04-30. Follow latest guidance to track for compromise & patch: support.cpanel.net/hc/en-us/art... \n\nPublic Dashboard stats: dashboard.shadowserver.org/statistics/h...", "creation_timestamp": "2026-05-01T13:45:24.653304Z"}, {"uuid": "6f43e5e8-6a77-4820-8162-2b967b16eab5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/shadowserver.bsky.social/post/3mksb7gtxh22u", "content": "Attention! cPanel/WHM CVE-2026-41940 attacks ongoing, with at least 44K IPs likely compromised & seen scanning our honeypots on 2026-04-30. Follow latest guidance to track for compromise & patch: support.cpanel.net/hc/en-us/art... 
\n\nPublic Dashboard stats: dashboard.shadowserver.org/statistics/h...", "creation_timestamp": "2026-05-01T13:45:25.241666Z"}, {"uuid": "6d799320-13e1-4875-83eb-9ed14d9d8fcc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41940", "type": "seen", "source": "https://bsky.app/profile/techupdate.io/post/3mkrvj5zask2u", "content": "Security vulnerability in cPanel: how to protect your web server from CVE-2026-41940\n\nhttps://techupdate.io/sicherheit/sicherheitsluecke-in-cpanel-so-schuetzt-du-deinen-webserver-vor-cve-2026-41940/51152/\n\n#technews #cybersecurity #sysadmin #cpanel #serversecurity #webhosting", "creation_timestamp": "2026-05-01T10:16:04.126760Z"}, {"uuid": "f34868c5-df4e-4c21-9319-7ffaa9ad109e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://infosec.exchange/users/shadowserver/statuses/116499627192882664", "content": "Attention! \ncPanel/WHM CVE-2026-41940 attacks ongoing, with at least 44K IPs likely compromised & seen scanning our honeypots on 2026-04-30.  
Follow latest guidance to track for compromise & patch: https://support.cpanel.net/hc/en-us/articles/40073787579671-Security-CVE-2026-41940-cPanel-WHM-WP2-Security-Update-04-28-2026 \nSee Public Dashboard for stats: https://dashboard.shadowserver.org/statistics/honeypot/device/tree/?date_range=1&vendor=cpanel&data_set=count&scale=log&auto_update=on\n44K unique IP number is based on cPanel spike of devices seen scanning/running exploits/brute force attacks against our honeypot sensors.\nhttps://dashboard.shadowserver.org/statistics/honeypot/device/time-series/?date_range=7&vendor=cpanel&dataset=unique_ips&limit=100&group_by=vendor&stacking=stacked&auto_update=on\nYou can find likely newly compromised instances in our honeypot based reports with cPanel set in the device_vendor of the attacking device\n- Darknet Events Report https://www.shadowserver.org/what-we-do/network-reporting/honeypot-darknet-events-report/\n- Honeypot HTTP Scanner Events Report https://www.shadowserver.org/what-we-do/network-reporting/honeypot-http-scanner-events/\n- Honeypot Brute Force Events Report https://www.shadowserver.org/what-we-do/network-reporting/honeypot-brute-force-events-report/\nYou can also find exposed cPanel/WHM instances in our Device ID reporting with ~650K IPs seen hosting https://dashboard.shadowserver.org/statistics/iot-devices/time-series/?date_range=7&vendor=cpanel&dataset=count&limit=1000&group_by=geo&stacking=stacked&auto_update=on", "creation_timestamp": "2026-05-01T13:47:18.617334Z"}, {"uuid": "a97d5d67-149a-48be-ac5e-03d055a1e4b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/lobsters-feed.bsky.social/post/3mkrvqcqn672z", "content": "cPanel & WHM Authentication Bypass (CVE-2026-41940) https://lobste.rs/s/m8t9px #php #security ", 
"creation_timestamp": "2026-05-01T10:20:04.466594Z"}, {"uuid": "6b272211-a8db-4c9c-bc30-f2a33d466b62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://t.me/GithubRedTeam/82332", "content": "\ud83d\udea8 GitHub monitoring alert\n\n\ud83d\udea8 Keyword found: #CVE-2026\n\n\ud83d\udce6 Project name: CVE-2026-41940\n\ud83d\udc64 Project author: Christian93111\n\ud83d\udee0 Language: Python\n\u2b50 Stars: 0  |  \ud83c\udf74 Forks: 0\n\ud83d\udcc5 Updated: 2026-05-01 14:58:51\n\n\ud83d\udcdd Project description:\ncPanel/WHM Authentication Bypass PoC\n\n\ud83d\udd17 Click to visit the project URL", "creation_timestamp": "2026-05-01T15:00:04.000000Z"}, {"uuid": "2d6081d3-7afc-49f9-999e-70940442b248", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mkryhmjaojf2", "content": "Actively exploited cPanel bug exposes millions of websites to takeover A vulnerability in the cPanel/WHM admin interface lets attackers access websites without a username and password. 
Security res...\n\n#Bugs #Data #breaches #News #cPanel #CVE-2026-41940\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-01T11:08:57.652335Z"}, {"uuid": "0a06ab46-bd1d-41d8-84df-dc8e23659af1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://t.me/GithubRedTeam/82359", "content": "\ud83d\udea8 GitHub monitoring alert\n\n\ud83d\udea8 Keyword found: #CVE-2026\n\n\ud83d\udce6 Project name: cpanel-sessionscribe\n\ud83d\udc64 Project author: rfxn\n\ud83d\udee0 Language: Shell\n\u2b50 Stars: 4  |  \ud83c\udf74 Forks: 0\n\ud83d\udcc5 Updated: 2026-05-01 17:56:30\n\n\ud83d\udcdd Project description:\nDetection, mitigation, and reverse-engineering tooling for CVE-2026-41940 (SessionScribe): the cPanel/WHM unauthenticated session-forgery vulnerability disclosed 2026-04-28. Defense-in-depth active mitigation shim, ModSec rule pack, remote probe, on-host IOC scanner, and per-tier RE snapshot collector. GPL v2.\n\n\ud83d\udd17 Click to visit the project URL", "creation_timestamp": "2026-05-01T18:00:04.000000Z"}, {"uuid": "e0edaed1-d96f-49e2-b00b-dc6d6b91585e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://t.me/BleepingComputer/24573", "content": "\u200aCritical cPanel and WHM bug exploited as a zero-day, PoC now available\n\nThe critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been leveraged in attempts since late February. 
[...]\n\nhttps://www.bleepingcomputer.com/news/security/critical-cpanel-and-whm-bug-exploited-as-a-zero-day-poc-now-available/", "creation_timestamp": "2026-04-30T12:31:12.000000Z"}, {"uuid": "51d22716-d2e2-43ea-b92f-f3679925a33b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/bizanosa.bsky.social/post/3mks2woi7oj2y", "content": "CVE-2026-41940: cPanel & WHM Authentication Bypass \u2013 Contact\u00a0Bizanosa\n\nStruggling with CVE-2026-41940: cPanel & WHM Authentication Bypass, contact Bizanosa for resolution. Let us get you back online. After this, you are surely going to want to subscribe for Bizanosa Expert care. Contact us and\u2026", "creation_timestamp": "2026-05-01T11:53:06.517016Z"}, {"uuid": "0c1c308a-851d-4f59-93c0-077cb9a577c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://t.me/BleepingComputer/24590", "content": "\u200aCritical cPanel flaw mass-exploited in \"Sorry\" ransomware attacks\n\nA newly disclosed cPanel flaw tracked as CVE-2026-41940 is being mass-exploited to breach websites and encrypt data in \"Sorry\" ransomware attacks. 
[...]\n\nhttps://www.bleepingcomputer.com/news/security/critrical-cpanel-flaw-mass-exploited-in-sorry-ransomware-attacks/", "creation_timestamp": "2026-05-02T22:00:50.000000Z"}, {"uuid": "4fd6c715-b526-4eff-a879-16d100ea428b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "Telegram/ffbBuRmdSYe3lYPKfhQOupnrAX2e3gYPd5TMJ-uBERknFqY", "content": "", "creation_timestamp": "2026-04-30T11:00:14.000000Z"}, {"uuid": "9cf69ed3-7a39-4a99-b158-0b952a3984a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "Telegram/rYfhm_004exykZ8do5dalE7YB53CRVnjuhduYoE7gKkXMgc", "content": "", "creation_timestamp": "2026-05-01T09:00:04.000000Z"}, {"uuid": "3f727043-7fb2-42cd-aefc-10f9a30fb851", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "Telegram/ilj7-w0C4NWXTAZYwiTR68v2Cg46brLVMoWECZr8IZK8Y9I", "content": "", "creation_timestamp": "2026-04-30T19:00:12.000000Z"}, {"uuid": "65a90333-9e13-4835-8297-438b92e523e0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "Telegram/P45NJHmymloXtZI_QDhqedqg_rJijkJmCthR1UJzeSteIHM", "content": "", "creation_timestamp": "2026-04-30T23:00:10.000000Z"}, {"uuid": "3ef6958e-5e13-483a-8034-400190113049", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://t.me/thehackernews/8903", "content": "\u26a0\ufe0f UPDATE: #cPanel flaw now tracked as CVE-2026-41940 (CVSS 9.8)\u2014an auth bypass granting 
unauthenticated admin access.\n\nActively exploited as a 0-day for weeks. Root cause: CRLF injection lets attackers forge sessions and escalate to root.\n\n\ud83d\udd17 Exploit mechanics and real-world impact \u2192 https://thehackernews.com/2026/04/critical-cpanel-authentication.html", "creation_timestamp": "2026-04-30T08:54:20.000000Z"}, {"uuid": "a1e155a7-c19b-4318-9b9f-90db5a7f689a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "Telegram/3tKSA63ykFsNCx7Ci_YM-GlAoFttSrYjQJCM_fsQcGoJpDo", "content": "", "creation_timestamp": "2026-04-30T15:00:06.000000Z"}, {"uuid": "44c415cc-8ed4-47e3-8ed3-134f7a82f965", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "Telegram/k5OTU-9lUzFKUTq8zqq2Ea-jY-aJMqpZsl5nZtaT5jx_Wu8", "content": "", "creation_timestamp": "2026-04-30T15:00:27.000000Z"}, {"uuid": "36110da7-a6ab-4d86-8817-f6c74ef31a2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "Telegram/yjUnQ6hKYXBxzaCr4Cr42UE0MHqi1VzU3UchLcz_NxtZwAY", "content": "", "creation_timestamp": "2026-04-30T09:00:04.000000Z"}, {"uuid": "4686adb9-dd42-424c-a514-7e1fd79802db", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://t.me/dualhex/1997", "content": "CVE-2026-41940 Vulnerability Found\nTarget: lantamal6-koarmada2.tnial.mil.id\nPort: 443", "creation_timestamp": "2026-05-02T10:20:54.000000Z"}, {"uuid": "3b1afb6d-6247-4e27-bd2e-41bf64f340ba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "Telegram/P5bUU6aFVi3_TImC6WDx24HeHf8RVUggO7fw0-2Q4WCtYm0", "content": "", "creation_timestamp": "2026-04-30T07:00:11.000000Z"}, {"uuid": "67e87191-70e7-4771-93ae-2c4d7948f13e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "Telegram/TYuQV-nd2shxDotowQDGMIReMv7gTvEeMY_osL7KThuex0s", "content": "", "creation_timestamp": "2026-04-29T21:00:04.000000Z"}, {"uuid": "3296f11e-881b-4400-8b6a-a237abd9c113", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "Telegram/XJFCu5UGSlf8LdrBjxjYOz5idEEI2EMesOUI85-NmJpK1tU", "content": "", "creation_timestamp": "2026-04-30T03:00:10.000000Z"}, {"uuid": "49823e27-bcde-4736-a78e-a05d33ab8651", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://t.me/true_secator/8162", "content": "A critical vulnerability affects all versions of cPanel except the latest ones, as well as the WebHost Manager (WHM) control panel, making it possible to gain access to the control 
panel without authentication.\n\nThe vulnerability is currently identified as CVE-2026-41940 and has a severity score of 9.8. It was fixed in an emergency update, but obtaining the fixed version of the software requires running a command manually.\n\nWHM and cPanel, owned by WebPros International, are Linux-based hosting control panels that provide server and website management.\n\nWHM 
provides server-level management, while cPanel provides administrative access to the website's administration panel, mail and databases.\n\nBoth products are among the most widely used hosting control panels, popular with many hosting providers thanks to standardized interfaces, ease of use for non-technical users and 
deep integration with common hosting platforms.\n\nTechnical details have not been publicly disclosed, but the severity of the issue appears significant, since Namecheap temporarily blocked access to ports 2083 and 2087, used for WHM and cPanel, in order to protect customers until updates were released.\n\nThe hosting provider stated that the vulnerability is related to a login 
authentication exploit that provides unauthorized access to the control panel.\n\nA few hours after the notification from Namecheap, cPanel rolled out a security bulletin stating that the issue had been fixed in versions: 11.110.0.97, 11.118.0.63, 11.126.0.54, 11.132.0.29, 11.136.0.5 and 11.134.0.20.\n\nTo install the safe version, the vendor recommends that administrators run the command /scripts/upcp --force, which starts the update process 
cPanel \u0438 \u043f\u0440\u0438\u043d\u0443\u0434\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0435\u0442 \u0435\u0433\u043e, \u0434\u0430\u0436\u0435 \u0435\u0441\u043b\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u0430 \u0441\u0447\u0438\u0442\u0430\u0435\u0442, \u0447\u0442\u043e \u0443\u0436\u0435 \u0440\u0430\u0431\u043e\u0442\u0430\u0435\u0442 \u043d\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438.\n\n\u0421\u0435\u0440\u0432\u0435\u0440\u044b, \u0440\u0430\u0431\u043e\u0442\u0430\u044e\u0449\u0438\u0435 \u043f\u043e\u0434 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u043d\u0435\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438 cPanel, \u043d\u0435 \u0438\u043c\u0435\u044e\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438. 
\u0412 \u044d\u0442\u043e\u043c \u0441\u043b\u0443\u0447\u0430\u0435 \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c cPanel \u0434\u043e \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438.\n\n\u0417\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u043f\u043e\u043b\u0443\u0447\u0438\u0432\u0448\u0438\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a cPanel, \u0441\u043c\u043e\u0436\u0435\u0442 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432\u0441\u0451, \u0447\u0442\u043e \u043d\u0430\u0445\u043e\u0434\u0438\u0442\u0441\u044f \u0432 \u0443\u0447\u0435\u0442\u043d\u043e\u0439 \u0437\u0430\u043f\u0438\u0441\u0438 \u0445\u043e\u0441\u0442\u0438\u043d\u0433\u0430, \u043e\u0442 \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u043e\u0432 \u0438 \u0434\u0430\u043d\u043d\u044b\u0445 \u0434\u043e \u044d\u043b\u0435\u043a\u0442\u0440\u043e\u043d\u043d\u043e\u0439 \u043f\u043e\u0447\u0442\u044b.\n\n\u041a\u0440\u043e\u043c\u0435 \u0442\u043e\u0433\u043e, \u043e\u043d \u043f\u043e\u043b\u0443\u0447\u0438\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u044d\u0442\u043e\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u0434\u043b\u044f \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u044f \u0431\u044d\u043a\u0434\u043e\u0440\u043e\u0432 \u0438\u043b\u0438 \u0432\u0435\u0431-\u043e\u0431\u043e\u043b\u043e\u0447\u0435\u043a, \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 
\u043d\u0430 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u044b, \u043a\u0440\u0430\u0436\u0438 \u043a\u043e\u043d\u0444\u0438\u0434\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432, \u0440\u0430\u0441\u0441\u044b\u043b\u043a\u0438 \u0441\u043f\u0430\u043c\u0430 \u0438\u043b\u0438 \u0444\u0438\u0448\u0438\u043d\u0433\u0430, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0441\u0431\u043e\u0440\u0430 \u043f\u0430\u0440\u043e\u043b\u0435\u0439 \u0438\u0437 \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0444\u0430\u0439\u043b\u043e\u0432.\n\nWHM \u043f\u0440\u0435\u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f \u043a\u043e \u0432\u0441\u0435\u043c\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0443 \u0438 \u0432\u0441\u0435\u043c \u0440\u0430\u0437\u043c\u0435\u0449\u0435\u043d\u043d\u044b\u043c \u043d\u0430 \u043d\u0435\u043c \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u0430\u043c, \u0442\u0430\u043a \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u0441\u043c\u043e\u0436\u0435\u0442 \u0441\u043e\u0437\u0434\u0430\u0432\u0430\u0442\u044c \u0438 \u0443\u0434\u0430\u043b\u044f\u0442\u044c \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0437\u0430\u043f\u0438\u0441\u0438 cPanel, \u0438\u043c\u0435\u0442\u044c \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043c\u0430\u0448\u0438\u043d\u0435 \u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0435\u0435 \u0434\u043b\u044f \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0445 \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439 (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, 
\u043f\u0440\u043e\u043a\u0441\u0438-\u0442\u0440\u0430\u0444\u0438\u043a, \u0441\u043f\u0430\u043c, \u0440\u0430\u0441\u043f\u0440\u043e\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0435 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u043e\u0433\u043e \u041f\u041e, \u0431\u043e\u0442\u043d\u0435\u0442).\n\n\u0412\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0430\u043c \u0432\u0435\u0431-\u0441\u0430\u0439\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u043c \u0437\u0430\u0442\u0440\u043e\u043d\u0443\u0442\u044b\u0435 \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f, \u0441\u043b\u0435\u0434\u0443\u0435\u0442 \u0443\u0431\u0435\u0434\u0438\u0442\u044c\u0441\u044f, \u0447\u0442\u043e \u043e\u043d\u0438 \u043e\u0431\u043d\u043e\u0432\u0438\u043b\u0438\u0441\u044c \u0434\u043e \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u043d\u043e\u0439 \u0432\u0435\u0440\u0441\u0438\u0438.", "creation_timestamp": "2026-04-30T15:30:07.000000Z"}, {"uuid": "c6d2240a-5ca2-41c5-b210-49ed19852be7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://t.me/true_secator/8164", "content": "\u041d\u0435 \u043c\u043e\u0436\u0435\u043c \u043d\u0435 \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c \u0432 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0435\u043d\u0438\u0435 \u043d\u0430\u0448\u0435\u0433\u043e \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0435\u0433\u043e \u043c\u0430\u0442\u0435\u0440\u0438\u0430\u043b\u0430, \u0447\u0442\u043e \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u043c\u0435\u0441\u044f\u0446\u0435\u0432 \u0445\u0430\u043a\u0435\u0440\u044b \u0443\u0436\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e 
\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c \u0438 \u0441\u0430\u0439\u0442\u043e\u043c cPanel &amp; WHM (WebHost Manager).\n\nCVE-2026-41940 (CVSS 9,8) \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 28 \u0430\u043f\u0440\u0435\u043b\u044f \u0438, \u043a\u0430\u043a \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u044e\u0442 \u043d\u0430 Reddit \u043e\u0442 \u0445\u043e\u0441\u0442\u0438\u043d\u0433-\u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440\u0430 KnownHost, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0441 23 \u0444\u0435\u0432\u0440\u0430\u043b\u044f 2026 \u0433\u043e\u0434\u0430.\n\n\u0422\u043e\u0433\u0434\u0430 \u0436\u0435 \u0441\u0440\u0430\u0437\u0443 \u043f\u043e\u0441\u043b\u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044f \u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435\u00a0KnownHost, HostPapa, InMotion,\u00a0Namecheap\u00a0\u0438 \u0434\u0440\u0443\u0433\u0438\u0435 \u0445\u043e\u0441\u0442\u0438\u043d\u0433-\u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440\u044b \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u043e\u0440\u0442\u0430\u043c cPanel \u0438 WHM \u0434\u043b\u044f 
\u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0433\u043e \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439.\n\n\u0410\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u0443\u044f CVE-2026-41940, WatchTowr \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430, \u0447\u0442\u043e \u043f\u0440\u0438 \u043d\u0435\u0443\u0434\u0430\u0447\u043d\u043e\u0439 \u043f\u043e\u043f\u044b\u0442\u043a\u0435 \u0432\u0445\u043e\u0434\u0430 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0434\u0435\u043c\u043e\u043d \u0441\u043b\u0443\u0436\u0431\u044b cPanel \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u0435\u0442 \u043d\u0430 \u0434\u0438\u0441\u043a \u0444\u0430\u0439\u043b \u043f\u0440\u0435\u0434\u0432\u0430\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438, \u0438 \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a \u043c\u043e\u0436\u0435\u0442 \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c cookie-\u0444\u0430\u0439\u043b\u043e\u043c \u0442\u0430\u043a\u0438\u043c \u043e\u0431\u0440\u0430\u0437\u043e\u043c, \u0447\u0442\u043e\u0431\u044b \u0432 \u043d\u0435\u0433\u043e \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0432\u0438\u0434\u0435 \u0437\u0430\u043f\u0438\u0441\u044b\u0432\u0430\u043b\u0438\u0441\u044c \u0443\u0447\u0435\u0442\u043d\u044b\u0435 \u0434\u0430\u043d\u043d\u044b\u0435, \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u0443\u0435\u043c\u044b\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c.\n\n\u041f\u043e \u0441\u0443\u0442\u0438, \u044d\u0442\u0430 \u043e\u0448\u0438\u0431\u043a\u0430 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 
\u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0443 \u0432\u043d\u0435\u0434\u0440\u0438\u0442\u044c \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u044b\u0435 \u0441\u0438\u043c\u0432\u043e\u043b\u044b \u0447\u0435\u0440\u0435\u0437 \u0437\u0430\u0433\u043e\u043b\u043e\u0432\u043e\u043a \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u0437\u0430\u043f\u0438\u0441\u0438 \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u044b\u0445 \u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440\u043e\u0432 \u0432 \u0444\u0430\u0439\u043b \u0441\u0435\u0441\u0441\u0438\u0438, \u0430 \u0437\u0430\u0442\u0435\u043c \u0438\u043d\u0438\u0446\u0438\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0435\u0440\u0435\u0437\u0430\u0433\u0440\u0443\u0437\u043a\u0443 \u0444\u0430\u0439\u043b\u0430 \u0434\u043b\u044f \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u043d\u044b\u0445 \u0443\u0447\u0435\u0442\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445.\n\ncPanel \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043b\u0430 \u0441\u043a\u0440\u0438\u043f\u0442 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f, \u0430 WatchTowr \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u0433\u0435\u043d\u0435\u0440\u0430\u0442\u043e\u0440 \u0430\u0440\u0442\u0435\u0444\u0430\u043a\u0442\u043e\u0432 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f, \u0447\u0442\u043e\u0431\u044b \u043f\u043e\u043c\u043e\u0447\u044c \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430\u043c \u0432\u044b\u044f\u0432\u043b\u044f\u0442\u044c \u043f\u0440\u0438\u0437\u043d\u0430\u043a\u0438 \u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u0442\u0430\u0446\u0438\u0438.\n\n\u0412 
\u0446\u0435\u043b\u043e\u043c, \u0442\u0435\u043b\u0435\u043c\u0435\u0442\u0440\u0438\u044f Shodan \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u0442 \u043e\u043a\u043e\u043b\u043e 1,5 \u043c\u043b\u043d. \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0445 \u0447\u0435\u0440\u0435\u0437 \u0438\u043d\u0442\u0435\u0440\u043d\u0435\u0442 \u044d\u043a\u0437\u0435\u043c\u043f\u043b\u044f\u0440\u043e\u0432 cPanel, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u043c\u043e\u0433\u0443\u0442 \u0431\u044b\u0442\u044c \u043f\u043e\u0434\u0432\u0435\u0440\u0436\u0435\u043d\u044b \u0430\u0442\u0430\u043a\u0430\u043c.", "creation_timestamp": "2026-04-30T18:30:06.000000Z"}, {"uuid": "c5354b8e-43d3-4a29-a80a-715d8e19c727", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://t.me/CyberSecurityIL/84181", "content": "\u05e9\u05d9\u05de\u05d5 \u05dc\u05d7\u05d5\u05dc\u05e9\u05d4 \u05e7\u05e8\u05d9\u05d8\u05d9\u05ea (CVE-2026-41940, cvss 9.8) \u05d1\u05de\u05e2\u05e8\u05db\u05ea \u05e0\u05d9\u05d4\u05d5\u05dc \u05d0\u05ea\u05e8\u05d9 \u05d4\u05d0\u05d9\u05e0\u05d8\u05e8\u05e0\u05d8 cPanel.\n\n\u05e4\u05e8\u05d8\u05d9\u05dd \u05e0\u05d5\u05e1\u05e4\u05d9\u05dd \u05db\u05d0\u05df.\n\nhttps://t.me/CyberSecurityIL/8861", "creation_timestamp": "2026-05-01T15:18:56.000000Z"}, {"uuid": "46d13e22-0673-48ad-bd3d-1cfdbd05bfbf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://t.me/htfgtps/993", "content": "Pengguna cPanel dan WHM kembali mendapat peringatan serius terkait keamanan server hosting. 
Sebuah vulnerability baru dengan kode CVE-2026-41940 ditemukan pada cPanel &amp; WHM dan dikategorikan sebagai kerentanan kritis dengan skor CVSS 9.8.\n\nKerentanan ini menjadi perhatian besar karena memungkinkan attacker melakukan authentication bypass, yaitu melewati proses login tanpa membutuhkan username dan password yang valid.\nhttps://buletinsiber.com/cve-2026-41940-celah-authentication-bypass-kritis-pada-cpanel-whm", "creation_timestamp": "2026-05-01T17:58:44.000000Z"}, {"uuid": "d77e15fe-b264-45d1-a840-a9a33882d28a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "Telegram/VZeeypARXkvMlULXcP2IjG4vReJ0t9VhcOi0vz0KF3ybbfY", "content": "", "creation_timestamp": "2026-05-01T21:00:04.000000Z"}, {"uuid": "499b4ecd-1ea1-4fda-b4e8-06745549fde0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "Telegram/7QlwzNIR_X5g9vTBRsuXOB5NZOCwzi6d7HbUehnl_JOO7Qs", "content": "", "creation_timestamp": "2026-05-02T03:00:04.000000Z"}, {"uuid": "9f4c62f9-feca-4f77-9301-0a1ccab0a68b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "Telegram/IgMXaUeI6SNBAHCh-M4SenGrw1gGeF6CA1UICLI_4bYZDIs", "content": "", "creation_timestamp": "2026-05-01T15:00:06.000000Z"}, {"uuid": "fbb70eca-4ff9-46af-a8a0-db8663d1a9be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/opsmatters.com/post/3mkypwv2eqk2j", "content": "The latest update for #CyCognito includes \"Emerging Threat: (CVE-2026-41940) cPanel &amp; WHM Authentication Bypass via CRLF 
Injection\" and \"Emerging Threat: (CVE-2026-3854) #GitHub Enterprise Server RCE via Git Push Injection\".\n \n#cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X", "creation_timestamp": "2026-05-04T03:24:59.989104Z"}, {"uuid": "05f91f3a-72f4-4641-8551-d6c04a69e2b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/linux.activitypub.awakari.com.ap.brid.gy/post/3mkyzv47urp22", "content": "Linux : les donn\u00e9es des serveurs cPanel chiffr\u00e9es par le ransomware Sorry La faille de s\u00e9curit\u00e9 critique affectant cPanel et WHM, associ\u00e9e \u00e0 la r\u00e9f\u00e9rence CVE-2026-41940, est exploit\u00e9e mass...\n\n#Actu #Cybers\u00e9curit\u00e9 #Cybers\u00e9curit\u00e9 #Vuln\u00e9rabilit\u00e9\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-04T06:23:43.721609Z"}, {"uuid": "163bc060-9914-46ca-ad58-e9ec0e9fb26e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/it-connect.bsky.social/post/3mkz2tg5p2p2h", "content": "\u26a0\ufe0f Ransomware Sorry\n\nLes instances cPanel sont actuellement cibl\u00e9es. 
Les pirates exploitent la faille critique CVE-2026-41940 pour ensuite chiffrer les fichiers du serveur Linux avec le ransomware Sorry.\n\nPlus d'infos \ud83d\udc47  \n- www.it-connect.fr/linux-les-do...\n\n#linux #cpanel #ransomware", "creation_timestamp": "2026-05-04T06:39:55.966573Z"}, {"uuid": "01197935-ac2a-476b-bd86-565564b94314", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41940", "type": "seen", "source": "https://bsky.app/profile/lu1tr0n.bsky.social/post/3mky26i7fhw2s", "content": "CVE-2026-41940: el bypass de autenticaci\u00f3n en cPanel que estuvo activo nueve semanas como zero-day\n\n\nhttps://elsolitario.org/2026/05/03/cve-2026-41940-el-bypass-de-autenticacion-en-cpanel-que-estuvo-activo-nueve-sema/?utm_source=bluesky&amp;utm_medium=social&amp;utm_campaign=programacion", "creation_timestamp": "2026-05-03T20:55:34.136853Z"}, {"uuid": "9dcfa88a-2373-46dd-8004-d74f43280a99", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41940", "type": "seen", "source": "https://bsky.app/profile/lu1tr0n.bsky.social/post/3mky27aqpg42q", "content": "CVE-2026-41940: el bypass de autenticaci\u00f3n en cPanel que estuvo activo nueve semanas como zero-day\n\n\nhttps://elsolitario.org/2026/05/03/cve-2026-41940-el-bypass-de-autenticacion-en-cpanel-que-estuvo-activo-nueve-sema/?utm_source=bluesky&amp;utm_medium=social&amp;utm_campaign=programacion", "creation_timestamp": "2026-05-03T20:55:58.601386Z"}, {"uuid": "0a61e9e4-e01f-430e-86da-e94a4a9cc677", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mky3jlf4hy2z", "content": "CVE-2026-41940: CRLF Injection Opens 70 Million cPanel Hosts to Complete 
Takeover +\u00a0Video\n\nIntroduction: A maximum-severity vulnerability tracked as CVE-2026-41940 (CVSS 10.0) is currently being exploited in the wild, compromising thousands of servers hosting an estimated 70 million domains. The\u2026", "creation_timestamp": "2026-05-03T21:19:38.983879Z"}, {"uuid": "e2976f2f-b6f1-4bf2-88c0-e0a73e6baae5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://t.me/GithubRedTeam/82670", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CPanel-Audit-Remediation-Tool\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a Underh0st\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-03 20:58:59\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nAudit and incident response tool for CVE-2026-41940 vulnerability\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-03T21:00:04.000000Z"}, {"uuid": "44ba3bec-4440-433c-91ce-836403edf333", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/intel.overresearched.net/post/3mkycjqiwsc2t", "content": "cPanel CVE-2026-41940 mass-exploited\u201444k+ hosts hit with Go-based \"Sorry\" Linux ransomware. Critical libssh2 &amp; binutils RCEs disclosed. 
Shinyhunters, M3rx &amp; Everest all posted fresh victims.\n\nFull brief: intel.overresearched.net/2026/05/03/c...\n\n #Daily #ThreatIntel #InfoSec", "creation_timestamp": "2026-05-03T23:25:00.717203Z"}, {"uuid": "ea276351-5160-4000-8e63-f79a9a5ccf08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3mkyitnm5s22g", "content": "Critical cPanel flaw mass-exploited in \"Sorry\" ransomware attacks\n\nA newly disclosed cPanel flaw tracked as CVE-2026-41940 is being mass-exploited to breach websites and encrypt data in \"Sorry\" ransomware attacks. [...]\n#hackernews #news", "creation_timestamp": "2026-05-04T01:17:55.900320Z"}, {"uuid": "8b50c741-b8c8-4097-b453-7a930f370bb9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mkymuhf3uq2z", "content": "Top 3 CVE for last 7 days:\nCVE-2026-31431: 481 interactions\nCVE-2026-41940: 74 interactions\nCVE-2026-3854: 57 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-31431: 26 interactions\nCVE-2026-41940: 6 interactions\nCVE-2026-5404: 4 interactions\n", "creation_timestamp": "2026-05-04T02:29:57.456615Z"}, {"uuid": "f3b0f98f-91ee-43bc-919a-35e34860804e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://t.me/S_E_Reborn/6333", "content": "\u041d\u0435 \u043c\u043e\u0436\u0435\u043c \u043d\u0435 \u043e\u0442\u043c\u0435\u0442\u0438\u0442\u044c \u0432 \u043f\u0440\u043e\u0434\u043e\u043b\u0436\u0435\u043d\u0438\u0435 \u043d\u0430\u0448\u0435\u0433\u043e \u043f\u0440\u0435\u0434\u044b\u0434\u0443\u0449\u0435\u0433\u043e 
\u043c\u0430\u0442\u0435\u0440\u0438\u0430\u043b\u0430, \u0447\u0442\u043e \u0432 \u0442\u0435\u0447\u0435\u043d\u0438\u0435 \u043d\u0435\u0441\u043a\u043e\u043b\u044c\u043a\u0438\u0445 \u043c\u0435\u0441\u044f\u0446\u0435\u0432 \u0445\u0430\u043a\u0435\u0440\u044b \u0443\u0436\u0435 \u0430\u043a\u0442\u0438\u0432\u043d\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043b\u0438 \u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0431\u0445\u043e\u0434\u0430 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0432 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0435\u0440\u0432\u0435\u0440\u043e\u043c \u0438 \u0441\u0430\u0439\u0442\u043e\u043c cPanel &amp; WHM (WebHost Manager).\n\nCVE-2026-41940 (CVSS 9,8) \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 28 \u0430\u043f\u0440\u0435\u043b\u044f \u0438, \u043a\u0430\u043a \u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u044e\u0442 \u043d\u0430 Reddit \u043e\u0442 \u0445\u043e\u0441\u0442\u0438\u043d\u0433-\u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440\u0430 KnownHost, \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c\u0438 \u0441 23 \u0444\u0435\u0432\u0440\u0430\u043b\u044f 2026 \u0433\u043e\u0434\u0430.\n\n\u0422\u043e\u0433\u0434\u0430 \u0436\u0435 \u0441\u0440\u0430\u0437\u0443 \u043f\u043e\u0441\u043b\u0435 \u043f\u043e\u043b\u0443\u0447\u0435\u043d\u0438\u044f \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044f \u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0435\u00a0KnownHost, HostPapa, InMotion,\u00a0Namecheap\u00a0\u0438 \u0434\u0440\u0443\u0433\u0438\u0435 
\u0445\u043e\u0441\u0442\u0438\u043d\u0433-\u043f\u0440\u043e\u0432\u0430\u0439\u0434\u0435\u0440\u044b \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u043b\u0438 \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u043e\u0440\u0442\u0430\u043c cPanel \u0438 WHM \u0434\u043b\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0433\u043e \u0440\u0430\u0437\u0432\u0435\u0440\u0442\u044b\u0432\u0430\u043d\u0438\u044f \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0439.\n\nAnalyzing CVE-2026-41940, WatchTowr found that on a failed login attempt the cPanel service daemon writes a pre-authentication file to disk, and that an attacker can manipulate the cookie so that attacker-controlled credentials are written to it in plaintext.\n\nIn essence, this bug lets an attacker inject certain characters through the authorization header to write specific parameters into the session file, and then trigger a reload of the file to authenticate with the injected credentials.\n\ncPanel has published a detection script, and WatchTowr has released a detection artifact generator to help administrators identify signs of compromise.\n\nOverall, Shodan telemetry shows about 1.5 million internet-accessible cPanel instances that may be exposed to attacks.", "creation_timestamp": "2026-05-01T09:12:42.000000Z"},
{"uuid": "30ea18bc-f78c-4e63-a4e1-71b698ae88bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/nuke86.rfeed.it/post/3mkz4qgp4fq2u", "content": "CVE-2026-41940: The cPanel CRLF Bug That Handed 44,000 Servers to the \u201cSorry\u201d Ransomware\nthe blog: insicurezzadigitale.com/cve-2026-419...\n\n#cybersecurity #infosec #ransomware #zeroday", "creation_timestamp": "2026-05-04T07:14:02.181789Z"},
{"uuid": "aa4cc5c4-acb9-4ef3-b6e1-61fe5dd6e760", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://t.me/GithubRedTeam/82477", "content": "\ud83d\udea8 GitHub monitoring alert\n\n\ud83d\udea8 Keyword found: #CVE-2026\n\n\ud83d\udce6 Project name: CVE-2026-41940\n\ud83d\udc64 Project author: Jenderal92\n\ud83d\udee0 Language: Python\n\u2b50 Stars: 1  |  \ud83c\udf74 Forks: 1\n\ud83d\udcc5 Updated: 2026-05-02 11:44:52\n\n\ud83d\udcdd Project description:\nBulk scanner and mass exploitation tool for CVE-2026-41940 on cPanel/WHM, built for automated target validation and high-speed multi-threaded execution.\n\n\ud83d\udd17 Click to visit the project page", "creation_timestamp": "2026-05-02T12:00:04.000000Z"},
{"uuid": "d0a59385-d899-41f2-b342-78ba5dece608", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://t.me/GithubRedTeam/82528", "content": "\ud83d\udea8 GitHub monitoring alert\n\n\ud83d\udea8 Keyword found: #CVE-2026\n\n\ud83d\udce6 Project name: CVE-2026-41940\n\ud83d\udc64 Project author: MrOplus\n\ud83d\udee0 Language: Python\n\u2b50 Stars: 0  |  \ud83c\udf74 Forks: 0\n\ud83d\udcc5 Updated: 2026-05-02 21:51:57\n\n\ud83d\udcdd Project description:\nCVE-2026-41940 Direct Shell Acess\n\n\ud83d\udd17 Click to visit the project page", "creation_timestamp": "2026-05-02T22:00:04.000000Z"},
{"uuid": "35a7f6ac-b64a-47ac-8aaa-cc891d95b620", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/infosecbriefly.bsky.social/post/3mkzbvc2yuo2z", "content": "Over 40,000 servers have been compromised due to a critical cPanel zero-day vulnerability, CVE-2026-41940, allowing unauthorized administrative access.\n", "creation_timestamp": "2026-05-04T08:46:16.538356Z"},
{"uuid": "6970ca5c-c247-4ea1-8da4-602f94c0c95d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3mkzcps223g42", "content": "Over 40,000 Servers Compromised in Ongoing cPanel Exploitation The attacks likely target CVE-2026-41940, a recently patched zero-day leading to administrative access. The post Over 40,000 Servers C...\n\n#Vulnerabilities #cPanel #exploited\n\nOrigin | Interest | Match", "creation_timestamp": "2026-05-04T09:06:19.096284Z"},
{"uuid": "e8f16507-881b-4d26-ac0d-a914fd8227d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "Telegram/N7wnNZkdjAZvp2pPgGqbvhxQzXxYZ40vPCvAHItjwm6Itw", "content": "", "creation_timestamp": "2026-05-02T21:48:29.000000Z"},
{"uuid": "e30de562-1434-4e50-afa7-3688b1347d98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-02)", "content": "", "creation_timestamp": "2026-05-02T00:00:00.000000Z"},
{"uuid": "42b9b615-8fe5-42be-82b1-1113627689bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/serghei.bsky.social/post/3mkzbdbtal22m", "content": "A critical cPanel authentication bypass vulnerability (CVE-2026-41940)\u00a0is being exploited in widespread \"Sorry\" ransomware attacks days after the release of an\u00a0emergency update.\n\nwww.bleepingcomputer.com/news/securit...", "creation_timestamp": "2026-05-04T08:36:14.051058Z"},
{"uuid": "d0dffd87-e873-4c95-89fe-2bc8fa91a0b2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://infosec.exchange/users/threatcodex/statuses/116516714189898137", "content": "South-East Asian Military Entities Targeted via cPanel (CVE-2026-41940) #CVE_2026_41940 https://ctrlaltintel.com/research/SEA-CPanel/", "creation_timestamp": "2026-05-04T14:12:44.586766Z"},
{"uuid": "ccb56f30-1287-4fc8-8216-4c8243342ae2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://t.me/kasperskyb2b/2158", "content": "\ud83d\udc40 Interesting APT research and infosec news of the week\n\n\ud83d\udfe2A new backdoor, ABCDoor, has been found in attacks by the Silver Fox group on organizations in Russia and India. Retrospective analysis uncovered 7 versions of the malware, the earliest dating back as far as 2024, while development of the implant continues to this day. The attacks begin with tax-themed spear phishing. \n\n\ud83d\udfe3A detailed breakdown of the CVE-2026-31431 (CopyFail) vulnerability, which threatens most current Linux builds. The threat is most serious for container environments: Docker, LXC and Kubernetes.\n\n\ud83d\udd35A Mini Shai-Hulud epidemic is raging in the npm package manager: the worm has hit SAP and intercom packages. The same attackers probably compromised the lightning packages on PyPi. The TTPs resemble those of the TeamPCP group.\n\n\ud83d\udfe3The HeartlessSoul group, first spotted in autumn 2025, continues its attacks on the aviation industry and, among the data it steals, places special emphasis on geographic information system files. The targeting approach is notable: the group advertises fake sites with trojanized software for aviation systems.\n\n\ud83d\udfe3Ransomware operators care about post-quantum cryptography too: the new Kyber ransomware really does use a hybrid algorithm with post-quantum encryption.\n\n\ud83d\udd35A huge 150-page report on the sophisticated EasterBunny malware (pdf) and the TTPs of APT29/DarkHalo, which uses it. Among the curious details: the implant is strictly bound to the computer it targets and simply will not run on other machines.\n\n\ud83d\udfe3New ClickFix variants: attackers use a chain of cmdkey and regsvr32 commands to download and run malware.\n\n\ud83d\udd35CVE-2026-32202, fixed in April's Patch Tuesday and leading to a leak of authentication hashes, is now marked as actively exploited. The defect arose from an incomplete fix for the February zero-day CVE-2026-21510.\n\n\ud83d\udfe3An interesting story: a malicious WordPress plugin was built from a legitimate version back in 2020 but only acquired malicious functionality in 2026. \n\n\ud83d\udd35A breakdown of a massive global spam campaign sending fake SMS messages about paying road tolls and fines. As a result, victims are lured to fake payment sites and sites distributing malware.\n\n\ud83d\udfe2The critical vulnerability CVE-2026-41940 in the cPanel and WHM panels, which allows admin rights to be obtained without any authentication, was exploited by attackers even before it was fixed. Given cPanel's popularity, this is very serious: update urgently. \n\n\ud83d\udfe3An unexpected expansion of the geography of scam centers (and of the fight against them): nine fraudulent offices were shut down in Dubai.\n\n#\u0434\u0430\u0439\u0434\u0436\u0435\u0441\u0442 #APT @\u041f2\u0422", "creation_timestamp": "2026-05-04T09:44:28.000000Z"},
{"uuid": "4df84c10-371e-4080-a8cc-7087aace8a2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/cerberusit.bsky.social/post/3mkzloykllb2c", "content": "We are currently witnessing over 40,000 servers falling over themselves to be compromised through an ongoing exploitation of a cPanel vulnerability that was supposed to be patched. 
This mess involves CVE-2026-41940, a zero-day that grants administrative access to anyone clever en...\n\nRead full story", "creation_timestamp": "2026-05-04T11:41:40.230672Z"},
{"uuid": "38ec8ae6-2229-406a-9a01-d93890f3f1cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/undercode.bsky.social/post/3mkzmqfuxhm2g", "content": "cPanel Under Siege: CVE-2026-41940\u2019s Perfect Storm \u2013 Unauthenticated Root Takeover via a Simple CRLF Injection +\u00a0Video\n\nIntroduction A critical authentication bypass vulnerability, identified as CVE-2026-41940 and carrying a near\u2011max CVSS score of 9.8, has been actively exploited since at least 23\u2026", "creation_timestamp": "2026-05-04T12:00:21.450427Z"},
{"uuid": "33b084f3-b796-4dc5-963f-1c7fd12e1430", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/se-nyheter.bsky.social/post/3mkzmqoddah27", "content": "Hackers exploit vulnerability \u2013 millions of sites at risk\n\nhttps://www.europesays.com/se/236455/\n\nCanadian Centre for Cyber Security warns of CVE-2026-41940, a critical vulnerability found in the web server programs Cpanel and Web\u2026", "creation_timestamp": "2026-05-04T12:00:30.408451Z"},
{"uuid": "42bd2137-389f-4173-ad42-0a4fd2a1b40a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://infosec.exchange/users/technadu/statuses/116516403312049261", "content": "cPanel zero-day active:\n40K+ servers hit\nCVE-2026-41940 \u2192 auth bypass \u2192 admin access\nPatch immediately.\nSource: https://www.securityweek.com/over-40000-servers-compromised-in-ongoing-cpanel-exploitation/\nFollow @technadu \n#Infosec #ZeroDay #CyberSecurity", "creation_timestamp": "2026-05-04T12:53:41.453984Z"},
{"uuid": "6c106440-d99b-46a7-b7b4-37073c3e1790", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/se-nyheter.bsky.social/post/3mkzq42rec52h", "content": "Security hole threatens millions of sites \u2013 actively used by hackers\n\nhttps://www.europesays.com/se/236522/\n\nCERT-SE warns of CVE-2026-41940, a critical vulnerability found in the web server programs Cpanel and Web Host Manager (WHM). The vulnerability\u2026", "creation_timestamp": "2026-05-04T13:00:33.431403Z"},
{"uuid": "d67ed2a6-50b2-43fb-896a-508c44c5b5a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://t.me/GithubRedTeam/82763", "content": "\ud83d\udea8 GitHub monitoring alert\n\n\ud83d\udea8 Keyword found: #CVE-2026\n\n\ud83d\udce6 Project name: cve-2026-41940\n\ud83d\udc64 Project author: Yuri08loveElaina\n\ud83d\udee0 Language: Python\n\u2b50 Stars: 0  |  \ud83c\udf74 Forks: 0\n\ud83d\udcc5 Updated: 2026-05-04 12:53:58\n\n\ud83d\udcdd Project description:\nNo description\n\n\ud83d\udd17 Click to visit the project page", "creation_timestamp": "2026-05-04T13:00:05.000000Z"},
{"uuid": "fc155522-8d92-42ce-8bba-8d97d3326370", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": 
"Telegram/1H-F8sNdmZ1CBEEZIhVSpSRWs_og3EaiMpnijX5gRIEI-vI", "content": "", "creation_timestamp": "2026-05-04T08:00:23.000000Z"}, {"uuid": "8bbbb156-10c3-41df-bd00-2643ba1190ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-05-03)", "content": "", "creation_timestamp": "2026-05-03T00:00:00.000000Z"}, {"uuid": "c6567b4d-9a39-4616-b4d3-cbca6d5d40c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/zettawire.com/post/3mkzv6gvtfx2s", "content": "CISA adds critical WebPros cPanel and WHM authentication vulnerability CVE-2026-41940 to its Known Exploited Vulnerabilities Catalog. The agency urges users to review the updated list for security guidance. 
#Cybersecurity #CISA", "creation_timestamp": "2026-05-04T14:31:21.755783Z"},
{"uuid": "ce5a3746-05e5-4d9d-b774-6854c95c2d35", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/infosec.skyfleet.blue/post/3ml2jh52yqi2m", "content": "Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940", "creation_timestamp": "2026-05-04T20:34:09.194938Z"},
{"uuid": "2b683def-d676-4a85-a228-e54a8c329b09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/crowdsec.bsky.social/post/3mkzw5yfwtc2a", "content": "\ud83d\udea8 In this week\u2019s newsletter, we cover CVE-2026-41940, a cPanel & WHM authentication bypass that puts entire hosting environments at risk. We break down how it enables admin access and what defenders should do next.\n\nRead the full analysis and protect your systems \ud83d\udc49 www.crowdsec.net/vulntracking...", "creation_timestamp": "2026-05-04T14:44:18.065313Z"},
{"uuid": "39146c0b-e507-4524-a895-d10226d245d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://t.me/true_secator/8166", "content": "New details have arrived on attacks targeting the recently patched authentication bypass 0-day in cPanel & WebHost Manager (WHM), CVE-2026-41940, which grants administrative access.\n\nMore than 40,000 servers appear to have been compromised in a large-scale campaign, the Shadowserver Foundation reports.\n\nDisclosed on April 28, the vulnerability gives unauthenticated attackers administrative access to cPanel, allowing them to take control of the host system and compromise all configurations, databases and sites the platform manages.\n\nThe vulnerability can be exploited using special characters in authorization headers to write parameters into the session file, and then to trigger a reload of the session file in order to authenticate with the injected administrative credentials.\n\nMoreover, CVE-2026-41940 was probably used by attackers as a 0-day since as early as late February, with activity rising sharply after public disclosure and after WatchTowr published technical details.\n\nLast week Rapid7 warned that about 1.5 million cPanel instances are reachable on the internet, and on Friday the Shadowserver Foundation identified tens of thousands of potentially compromised systems.\n\nIn particular, at least 44,000 IPs running cPanel were compromised in the ongoing attacks.\n\nAccording to the Shadowserver Foundation, as of May 3 this number had dropped significantly. Most of the affected systems are in the US, with France and the Netherlands rounding out the top three.\n\nIt is also reported that hackers have been using the cPanel vulnerability since Thursday to break into servers and deploy a Go-based Linux encryptor for the Sorry ransomware (VirusTotal).\n\nNumerous reports from victims have been recorded, with one victim sharing samples of encrypted files and the contents of the ransom note.\n\nThe ransomware uses the ChaCha20 stream cipher to encrypt files, with the encryption key protected by an embedded RSA-2048 public key.\n\nA ransom note named README.md is created in every folder, inviting the victim to contact the attacker on Tox to discuss the ransom amount.\n\n\u041f\u043e\u0441\u043a\u043e\u043b\u044c\u043a\u0443 \u0432\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 cPanel, \u043d\u0430\u0447\u0438\u043d\u0430\u044f 
\u0441 11.40, \u0443\u044f\u0437\u0432\u0438\u043c\u044b, \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u043c \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0443\u0435\u0442\u0441\u044f \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u0441\u043a\u043e\u0440\u0435\u0435 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 \u0441 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435\u043c \u0438 \u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u044c \u0438\u043d\u0441\u0442\u0440\u0443\u043a\u0446\u0438\u044f\u043c cPanel \u043f\u043e \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044e \u0438 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u0443\u0433\u0440\u043e\u0437.\n\n\u0421\u043e\u0433\u043b\u0430\u0441\u043d\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u043d\u043e\u043c\u0443 \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044e cPanel, \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u043e\u0434\u0435\u0440\u0436\u0430\u0442\u0441\u044f \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 cPanel &amp; WHM 11.86.0.41, 11.110.0.97, 11.118.0.63, 11.124.0.35, 11.126.0.54, 11.130.0.19, 11.132.0.29, 11.134.0.20 \u0438 11.136.0.5, \u0430 \u0442\u0430\u043a\u0436\u0435 \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 WP Squared 136.1.7.\n\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043f\u043e\u043b\u0430\u0433\u0430\u044e\u0442, \u0447\u0442\u043e \u0432 \u0431\u043b\u0438\u0436\u0430\u0439\u0448\u0438\u0435 \u0434\u043d\u0438 \u0438 \u043d\u0435\u0434\u0435\u043b\u0438 \u0431\u0443\u0434\u0435\u0442 \u043d\u0430\u0431\u043b\u044e\u0434\u0430\u0442\u044c\u0441\u044f \u043b\u0438\u0448\u044c \u0443\u0441\u0438\u043b\u0435\u043d\u0438\u0435 
\u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438. \u041d\u043e \u0431\u0443\u0434\u0435\u043c \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c.", "creation_timestamp": "2026-05-04T14:00:53.000000Z"}, {"uuid": "27d31829-a011-4ef9-8d58-7d28f9554a5e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41940", "type": "seen", "source": "https://bsky.app/profile/cyberveille-ch.bsky.social/post/3ml2kw6d2nq2x", "content": "\ud83d\udce2 Entit\u00e9s militaires sud-est asiatiques cibl\u00e9es via CVE-2026-41940 (cPanel) avec exfiltration de donn\u00e9es chinoises\n\ud83d\udcdd ## \ud83d\udd0d C\u2026\nhttps://cyberveille.ch/posts/2026-05-04-entites-militaires-sud-est-asiatiques-ciblees-via-cve-2026-41940-cpanel-avec-exfiltration-de-donnees-chinoises/ #AdaptixC2 #Cyberveille", "creation_timestamp": "2026-05-04T21:00:26.723958Z"}, {"uuid": "08530c4c-3986-434a-9106-08e8179ef42c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/intel.overresearched.net/post/3ml2nps2yxc2j", "content": "- cPanel CVE-2026-41940 \u2192 'Sorry' ransomware (44k+ IPs) - GitHub RCE CVE-2026-3854 (88% GHES unpatched) \n- APT28 Windows zero-day (KEV) \n- Linux 'Copy Fail' LPE \n- ShinyHunters: Instructure 275M  intel.overresearched.net/2026/05/04/c...  
\n\n#Weekly #ThreatIntel #Infosec", "creation_timestamp": "2026-05-04T21:50:34.830914Z"}, {"uuid": "e5b5e349-e05d-4ff8-86af-63fbe777914d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "Telegram/K4RyqB3lPTzk-mogtjZXo7azFUUE-GW1zmkFm_VX_sT8T4ti", "content": "", "creation_timestamp": "2026-05-04T20:20:04.000000Z"}, {"uuid": "d3921cf3-4b15-4212-92b7-47accdaea69e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://t.me/GithubRedTeam/82805", "content": "\ud83d\udea8 GitHub monitoring alert\n\n\ud83d\udea8 Keyword found: #CVE-2026\n\n\ud83d\udce6 Project name: CVE-2026-41940\n\ud83d\udc64 Project author: itsismarcos\n\ud83d\udee0 Language: Python\n\u2b50 Stars: 0  |  \ud83c\udf74 Forks: 0\n\ud83d\udcc5 Updated: 2026-05-04 19:44:29\n\n\ud83d\udcdd Project description:\nExploit CVE-2026-41940 auto exploit \n\n\ud83d\udd17 Click to open the project page", "creation_timestamp": "2026-05-04T20:00:04.000000Z"}, {"uuid": "b4305e6e-f412-40fe-975a-4e81825a8bff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/Kubernetes.activitypub.awakari.com.ap.brid.gy/post/3ml2ohkc2bk62", "content": "InfoSec News Nuggets 05/04/2026 Over 40,000 Servers Compromised in Ongoing cPanel Exploitation Attackers are exploiting CVE-2026-41940, a critical cPanel and WHM authentication bypass flaw that can...\n\n#InfoSec #News #Nuggets #AboutDFIR #Itron #news #nuggets #Trellix\n\nOrigin | Interest | 
Match", "creation_timestamp": "2026-05-04T22:03:54.946750Z"}, {"uuid": "8d2ed99f-76bb-48be-aa2c-80610f15d69b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/PostgreSQL.activitypub.awakari.com.ap.brid.gy/post/3ml2pfmiu7ud2", "content": "Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940 Attackers exploit a critical cPanel flaw to target government and MSP networks across Southeast Asia and several countrie...\n\n#Breaking #News #Hacking #Security #cPanel [\u2026] \n\n[Original post on securityaffairs.com]", "creation_timestamp": "2026-05-04T22:20:51.012837Z"}, {"uuid": "21e4d72e-2422-463d-bb87-1f1efce4a224", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://poliverso.org/objects/0477a01e-1269-f91d-0ae6-a2f645320851", "content": "Flaw in cPanel and WHM puts administrative accounts on hosting servers at risk\n@informatica\nThe publication of a PoC for CVE-2026-41940 exposes cPanel & WHM and WP Squared to concrete takeover risks. The authentication bypass can compromise hosting servers and WordPress sites. 
Technical analysis, impacts and countermeasures for", "creation_timestamp": "2026-05-04T22:28:21.364084Z"}, {"uuid": "20696e9a-7c5c-4d89-ab84-c7fd3acedae8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/cybersecurity.poliverso.org.ap.brid.gy/post/3ml2pti65lur2", "content": "# **Flaw in cPanel and WHM puts administrative accounts on hosting servers at risk**\n\n\n@informatica\nThe publication of a PoC for CVE-2026-41940 exposes cPanel & WHM and WP Squared to concrete takeover risks. The authentication bypass can compromise hosting servers and WordPress sites [\u2026]", "creation_timestamp": "2026-05-04T22:28:31.417832Z"}, {"uuid": "5f96c599-627c-41aa-aec2-8374498915fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3ml2rmqclgb2t", "content": "Active exploitation targets include cPanel flaw CVE-2026-41940 allowing authentication bypass, Linux Copy Fail CVE-2026-31431, and ongoing supply-chain attacks by TeamPCP impacting CI/CD and SaaS environments. 
#LinuxKernel #SupplyChain #USA", "creation_timestamp": "2026-05-04T23:00:26.930022Z"}, {"uuid": "007eb8a4-b59e-407a-bad4-5a2a473dfa12", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/dougmcvay.bsky.social/post/3ml2s2pqcbs2u", "content": "Over 40,000 Servers Compromised in Ongoing cPanel Exploitation\nThe attacks likely target CVE-2026-41940, a recently patched zero-day leading to administrative access.\nwww.securityweek.com/over-40000-s...", "creation_timestamp": "2026-05-04T23:08:18.279401Z"}, {"uuid": "74aada8f-14af-4b0e-ad5e-69295f2dbd1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mkzxgvanvk2t", "content": "4/ \u26a0\ufe0f cPanel CVE-2026-41940 (CVSS 9.8). Auth bypass exploited since Feb. 1.5M servers exposed. \"Sorry\" ransomware now mass-exploiting it. Patch TODAY.", "creation_timestamp": "2026-05-04T15:11:53.368686Z"}, {"uuid": "e15b1ded-f83b-4400-a971-08cab9c62d79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mkzxgvavpk2t", "content": "4/ \u26a0\ufe0f cPanel CVE-2026-41940 (CVSS 9.8). Auth bypass exploited since Feb. 1.5M servers exposed. \"Sorry\" ransomware now mass-exploiting it. 
Patch TODAY.", "creation_timestamp": "2026-05-04T15:11:54.092081Z"}, {"uuid": "6d6cc8df-09f8-4ed8-be9a-65093329f986", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mkzxgvawos2t", "content": "4/ \u26a0\ufe0f cPanel CVE-2026-41940 (CVSS 9.8). Auth bypass exploited since Feb. 1.5M servers exposed. \"Sorry\" ransomware now mass-exploiting it. Patch TODAY.", "creation_timestamp": "2026-05-04T15:11:56.589362Z"}, {"uuid": "3ff87173-3165-4cbf-accd-8289d2bf3831", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mkzxgvaxo22t", "content": "4/ \u26a0\ufe0f cPanel CVE-2026-41940 (CVSS 9.8). Auth bypass exploited since Feb. 1.5M servers exposed. \"Sorry\" ransomware now mass-exploiting it. Patch TODAY.", "creation_timestamp": "2026-05-04T15:11:57.148167Z"}, {"uuid": "9e3938d3-db9c-47f4-9686-d8ed3a208c08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mkzxgvaync2t", "content": "4/ \u26a0\ufe0f cPanel CVE-2026-41940 (CVSS 9.8). Auth bypass exploited since Feb. 1.5M servers exposed. \"Sorry\" ransomware now mass-exploiting it. 
Patch TODAY.", "creation_timestamp": "2026-05-04T15:11:57.691308Z"}, {"uuid": "245b4f79-d1d7-4968-b28a-4b42b817f472", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-41940", "type": "seen", "source": "https://bsky.app/profile/vritrasecnews.bsky.social/post/3ml3b5pqdn62j", "content": "Attackers exploit a critical cPanel flaw to target government and MSP networks across Southeast Asia and several countries, including the U.S. and Canada. A t...\n\n\ud83d\udd17 https://securityaffairs.com/191666/breaking-news/hackers-target-governments-and-msps-via-critical-cpanel-flaw-cve-2026-41940.html", "creation_timestamp": "2026-05-05T03:38:22.766096Z"}, {"uuid": "9434dfdc-2366-447e-8783-b29ef1419180", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mkzxgvazmk2t", "content": "4/ \u26a0\ufe0f cPanel CVE-2026-41940 (CVSS 9.8). Auth bypass exploited since Feb. 1.5M servers exposed. \"Sorry\" ransomware now mass-exploiting it. 
Patch TODAY.", "creation_timestamp": "2026-05-04T15:11:58.238823Z"}, {"uuid": "eb96f567-d73c-48ff-8769-7281df8f89ef", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/opsmatters.com/post/3ml3cbyl6ef2g", "content": "The latest update for #CyCognito includes \"The Force Awakens Your Attack Surface\" and \"Emerging Threat: (CVE-2026-41940) cPanel & WHM Authentication Bypass via CRLF Injection\".\n \n#cybersecurity #AttackSurfaceManagement #EASM https://opsmtrs.com/44Srq0X", "creation_timestamp": "2026-05-05T03:58:39.584441Z"}, {"uuid": "6fd20a9f-cecc-4089-8e66-c8db7394735c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mkzxgvb2ls2t", "content": "4/ \u26a0\ufe0f cPanel CVE-2026-41940 (CVSS 9.8). Auth bypass exploited since Feb. 1.5M servers exposed. \"Sorry\" ransomware now mass-exploiting it. Patch TODAY.", "creation_timestamp": "2026-05-04T15:11:58.781983Z"}, {"uuid": "e91a6e25-0f26-4d2d-a75e-d62d1390ec58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mkzxgvb2lt2t", "content": "4/ \u26a0\ufe0f cPanel CVE-2026-41940 (CVSS 9.8). Auth bypass exploited since Feb. 1.5M servers exposed. \"Sorry\" ransomware now mass-exploiting it. 
Patch TODAY.", "creation_timestamp": "2026-05-04T15:11:59.440240Z"}, {"uuid": "11eb30d6-5500-4e42-9f37-1ce87ca6153b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3mkzxgvb2lu2t", "content": "4/ \u26a0\ufe0f cPanel CVE-2026-41940 (CVSS 9.8). Auth bypass exploited since Feb. 1.5M servers exposed. \"Sorry\" ransomware now mass-exploiting it. Patch TODAY.", "creation_timestamp": "2026-05-04T15:12:00.277313Z"}, {"uuid": "a97f5e97-7e1e-4fd1-a2d7-8a1ed0855fa8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://mastodon.social/ap/users/115426718704364579/statuses/116517096123431548", "content": "\ud83d\udcf0 cPanel Zero-Day Auth Bypass (CVE-2026-41940) Actively Exploited for Months Before Patch\n\ud83d\udea8 CRITICAL ZERO-DAY \ud83d\udea8 cPanel & WHM auth bypass (CVE-2026-41940, CVSS 9.8) exploited for months before patch! Unauthenticated attackers can get root access. 1.5M instances exposed. Patch NOW! 
#cPanel #ZeroDay #CVE #WebHosting\n\ud83d\udd17 https://cyber.netsecops.io", "creation_timestamp": "2026-05-04T15:49:54.038331Z"}, {"uuid": "81bd4702-1a8b-4923-84e8-d2fa9ae9dec7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3ml35daxrws2s", "content": "Top 3 CVE for last 7 days:\nCVE-2026-31431: 540 interactions\nCVE-2026-41940: 82 interactions\nCVE-2026-3854: 57 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-31431: 59 interactions\nCVE-2026-41940: 8 interactions\nCVE-2026-22679: 5 interactions\n", "creation_timestamp": "2026-05-05T02:29:53.289198Z"}, {"uuid": "68f9e02c-7529-49da-ab55-f997ab31a819", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/ecrime.ch/post/3ml3l3vx55v2z", "content": "The cPanel Situation Is\u2026 - Censys\n\nOn April 29, 2026, CVE-2026-41940 was disclosed as a critical pre-authentication bypass affecting cPanel and WHM. The is\n\nRead more: https://censys.com/blog/the-cpanel-situation-is/", "creation_timestamp": "2026-05-05T06:36:19.156130Z"}, {"uuid": "b7c3150d-3452-4272-84da-80ae16fe70b0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/netsecio.bsky.social/post/3mkzzmbnxb62q", "content": "\ud83d\udea8 CRITICAL ZERO-DAY \ud83d\udea8 cPanel & WHM auth bypass (CVE-2026-41940, CVSS 9.8) exploited for months before patch! Unauthenticated attackers can get root access. 1.5M instances exposed. Patch NOW! 
#cPanel #ZeroDay #CVE #WebHosting", "creation_timestamp": "2026-05-04T15:50:41.392143Z"}, {"uuid": "bc1879d0-9a0c-4329-8999-ca4291376098", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/cybercrimeinfo.bsky.social/post/3ml24jqw5u22w", "content": "Cyber Journaal S02E53: cPanel CVE-2026-41940 led to 44,000 compromised installations after a two-month zero-day, ShinyHunters leaked 215,600 Aman Resorts accounts via vishing against the helpdesk, and Raptor Supplies Nederland is on the dark web.\n\n\u27a4 www.ccinfo.nl/journaal/315...", "creation_timestamp": "2026-05-04T16:43:10.101697Z"}, {"uuid": "524afb0c-597d-4f20-9d38-6a9ab257e66b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/pvynckier.bsky.social/post/3ml3lhjhr3c2c", "content": "Multiple threat actors actively exploit cPanel vulnerability (CVE-2026-41940) - Help Net Security www.helpnetsecurity.com/2026/05/04/m...", "creation_timestamp": "2026-05-05T06:42:52.804851Z"}, {"uuid": "a10fa660-66a2-4b71-b490-93c4f7308fa2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://gist.github.com/stone776/e534e49616d908924a231b9cbe88183b", "content": "", "creation_timestamp": "2026-05-05T08:26:38.000000Z"}, {"uuid": "3cd30f0d-665c-4a11-96ea-12ce6ba9c2c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/Dunuq-Vumuc.technodon.org.ap.brid.gy/post/3ml3lwzmtutv2", "content": "Critical cPanel vulnerability 
exploited in global campaign Attackers are actively exploiting CVE-2026-41940, a critical flaw in cPanel infrastructure, to compromise government and managed service provider", "creation_timestamp": "2026-05-05T06:51:35.414527Z"}, {"uuid": "a1ee17b9-dfba-4750-83f9-576dd5c10df6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://t.me/GithubRedTeam/82866", "content": "\ud83d\udea8 GitHub monitoring alert\n\n\ud83d\udea8 Keyword found: #CVE-2026\n\n\ud83d\udce6 Project name: CVE-2026-41940\n\ud83d\udc64 Project author: ZildanZ\n\ud83d\udee0 Language: Python\n\u2b50 Stars: 0  |  \ud83c\udf74 Forks: 0\n\ud83d\udcc5 Updated: 2026-05-05 05:59:31\n\n\ud83d\udcdd Project description:\nNo description\n\n\ud83d\udd17 Click to open the project page", "creation_timestamp": "2026-05-05T06:00:05.000000Z"}, {"uuid": "71b40aa2-2839-4704-bfa0-547342a84d32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "Telegram/iLUe8v0Uh0Sb6iiHrVVi_18OGPn_eI_21UJtbxqFwUVI_uE", "content": "", "creation_timestamp": "2026-05-05T03:00:05.000000Z"}, {"uuid": "6ae00bc9-2c21-4511-a849-75e32a703982", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "Telegram/rPnY3cDOMvKcPFRcx6QsxUGiZwWHKwUb91xptawBtUQTSW0", "content": "", "creation_timestamp": "2026-05-04T21:00:04.000000Z"}, {"uuid": "45b84374-3f1a-4633-97a9-9bb447da0c19", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/echobit.de/post/3ml3wpvvox22d", "content": "Oh great: cPanel and WHM, the control panels behind an estimated 70+ million websites, have a critical security flaw that lets anyone become root admin without a password. CVE-2026-41940 affects every supported version.", "creation_timestamp": "2026-05-05T10:04:22.053102Z"}, {"uuid": "e7a4ebca-da64-4acc-b3ef-7392c3b15838", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "Telegram/0_HRy55XY1gHFnZjznakOF7ZoOcpEYzc0dvtDC6c94sHEnY", "content": "", "creation_timestamp": "2026-05-04T15:00:07.000000Z"}, {"uuid": "aa27d35b-9f2c-4b50-b5df-a5bd06b98b67", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "Telegram/xOE6u0S4AhmTrHPBDYscPzMv6FpE3fbyPNbn5dJYZfuDoSw", "content": "", "creation_timestamp": "2026-05-04T03:00:05.000000Z"}, {"uuid": "c53d14b5-544c-486b-8abf-2584c54ab259", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-04)", "content": "", "creation_timestamp": "2026-05-04T00:00:00.000000Z"}, {"uuid": "5a097b82-f8d4-4230-8c5b-497ace292dc2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-05-04)", "content": "", 
"creation_timestamp": "2026-05-04T00:00:00.000000Z"}, {"uuid": "a2795be3-f2a0-42b1-8b83-1206db3badb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/winfuture.de/post/3ml4daoff4u2e", "content": "Over 40,000 servers compromised through zero-day flaw in cPanel. The CVE-2026-41940 vulnerability gives attackers admin access without authentication. #cPanel #Sicherheitsl\u00fccke", "creation_timestamp": "2026-05-05T13:48:29.498579Z"}, {"uuid": "990e6c61-e400-4073-84f9-b8eac2d40108", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "published-proof-of-concept", "source": "Telegram/cYbomHaTGTLOs95SVGZEas4XOSbbs1P0dkn6F8I8p6igQwc", "content": "", "creation_timestamp": "2026-05-02T15:00:06.000000Z"}, {"uuid": "74d0090b-d586-4d24-a437-449489d6edce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/shortinfo.bsky.social/post/3ml3q4nxysg2i", "content": "CVE-2026-41940 in cPanel is being weaponized within hours of PoC release. Multiple actors hit Philippines and Laos military/government domains, MSPs in the US, Canada, and South Africa. 44,000 IPs are now conducting scans and brute-force attacks. 
Mirai variants and 'Sorry' ransomware deployed.", "creation_timestamp": "2026-05-05T08:06:13.663236Z"}, {"uuid": "fa1d8130-0399-4378-b00e-d85c7fae9d81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/hendryadrian.bsky.social/post/3ml46v2kyxc22", "content": "A critical pre-authentication bypass, CVE-2026-41940, targeting cPanel/WHM has triggered a surge in malicious hosts. Active campaigns involve Mirai variants and ransomware appending \u201c.sorry\u201d to files. #cPanelFlaw #RansomwareAttack #MiraiBotnet", "creation_timestamp": "2026-05-05T12:30:28.669692Z"}, {"uuid": "1be0f36e-f551-4c21-ba1e-8641f5262f5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://t.me/poxek/6061", "content": "CVE-2026-41940 (CVSS 9.8): pre-auth bypass in cPanel/WHM\n#CVE #cPanel #WHM #Web #AppSec\n\nThe bug allows obtaining root access by manipulating the session file through a chain of flaws, including CRLF injection.\n\nThe scale of the problem is considerable: cPanel & WHM, cPanel DNSOnly and WP Squared are affected. 
The potential attack surface is every unpatched instance with cPanel/WHM exposed to the internet (~1.5 million exposed instances).\n\n\u267e\ufe0fTechnical summary\u267e\ufe0f\n\ncPanel/WHM created the session file before authentication and handled input data incorrectly. When Basic Auth was processed, the password from Authorization ended up in the session with insufficient sanitization, and control characters such as \\r\\n could be preserved. 
Because of this, an attacker could inject additional lines into the session file and set the parameters they needed, for example user=root, hasroot=1. In addition, part of the data could be written to the raw session file without encoding. \n\nThe attacker then provoked a re-read of that session, and the server treated the injected values as valid.\n\n\u267e\ufe0fAttack pipeline\u267e\ufe0f\n\n\u25aa\ufe0fThe attacker creates a pre-auth session through a failed login 
attempt\n\u25aa\ufe0fObtains the whostmgrsession cookie and reuses it without the -part\n\u25aa\ufe0fSends Basic Auth with CRLF and additional session fields embedded in the password\n\u25aa\ufe0fThese lines end up in the raw session file\n\u25aa\ufe0fThe attacker then triggers the handling path for an invalid/missing cp_security_token so that the raw session is re-read and written to the JSON cache\n\u25aa\ufe0fAfter that, the injected fields become top-level session parameters\n\u25aa\ufe0f\u0417\u0430 \u0441\u0447\u0435\u0442 successful_internal_auth_with_timestamp \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0430 \u043f\u0430\u0440\u043e\u043b\u044f \u0444\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 
\u043e\u0431\u0445\u043e\u0434\u0438\u0442\u0441\u044f\n\u25aa\ufe0f\u0412 \u0440\u0435\u0437\u0443\u043b\u044c\u0442\u0430\u0442\u0435 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u043f\u043e\u043b\u0443\u0447\u0430\u0435\u0442 root-\u0434\u043e\u0441\u0442\u0443\u043f \u0431\u0435\u0437 \u0437\u043d\u0430\u043d\u0438\u044f \u043f\u0430\u0440\u043e\u043b\u044f\n\n\u267e\ufe0f\u0420\u0435\u0430\u0433\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435\u267e\ufe0f\n\n\u25aa\ufe0f\u041e\u0431\u043d\u043e\u0432\u0438\u0442\u044c cPanel &amp; WHM / WP Squared \u0434\u043e \u043f\u0440\u043e\u043f\u0430\u0442\u0447\u0435\u043d\u043d\u044b\u0445 \u0432\u0435\u0440\u0441\u0438\u0439\n\u25aa\ufe0f\u0417\u0430\u043f\u0443\u0441\u0442\u0438\u0442\u044c \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0439 detection script \u043e\u0442 cPanel \u0434\u043b\u044f \u043f\u043e\u0438\u0441\u043a\u0430 IOC \u0432 session-\u0444\u0430\u0439\u043b\u0430\u0445\n\u25aa\ufe0f\u041f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c /var/cpanel/sessions/raw/, /var/cpanel/sessions/preauth/, session-cache \u0438 access logs\n\u25aa\ufe0f\u041f\u0440\u043e\u0432\u0435\u0441\u0442\u0438 \u0440\u043e\u0442\u0430\u0446\u0438\u044e root, WHM/reseller \u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u0441\u043a\u0438\u0445 \u043f\u0430\u0440\u043e\u043b\u0435\u0439\n\u25aa\ufe0f\u0415\u0441\u043b\u0438 \u043d\u0435\u043b\u044c\u0437\u044f \u0441\u0440\u0430\u0437\u0443 \u043e\u0431\u043d\u043e\u0432\u0438\u0442\u044c\u0441\u044f \u2014 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u043f\u043e\u0440\u0442\u0430\u043c 2083, 2087, 2095, 2096 \u0438 Service Subdomains, \u043b\u0438\u0431\u043e \u0432\u0440\u0435\u043c\u0435\u043d\u043d\u043e \u043e\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c cpsrvd/cpdavd\n\n  
\ud83d\udd17\u0418\u0441\u0442\u043e\u0447\u043d\u0438\u043a\n\n\ud83c\udf1a @poxek | \ud83d\udcf2 MAX |\ud83c\udf1a \u0411\u043b\u043e\u0433 | \ud83d\udcfa YT | \ud83d\udcfa RT | \ud83d\udcfa VK", "creation_timestamp": "2026-05-05T13:00:58.000000Z"}, {"uuid": "511de4d1-829b-4fd3-a957-f96f9afe333d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "MISP/044d9cc0-2950-5a81-8949-19e3f1825173", "content": "", "creation_timestamp": "2026-05-05T08:22:51.000000Z"}, {"uuid": "d27cfc54-e29e-4cfc-b2c0-d976e088e277", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://infosec.exchange/users/technadu/statuses/116522640169160420", "content": "CVE-2026-41940 in cPanel &amp; WHM under mass exploitation.550K+ servers potentially exposed \u2192 auth bypass \u2192 ransomware deployment.CISA urges immediate patching.\nhttps://www.technadu.com/hackers-mass-exploit-critical-cpanel-vulnerability-may-impact-550000-potentially-vulnerable-servers/627301/\nPatched yet?\n#Infosec #Vulnerability", "creation_timestamp": "2026-05-05T15:19:48.386318Z"}, {"uuid": "2ef6d46e-c6ce-4cf3-a1e1-c3354e89e0ad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3ml4ig7k5a32c", "content": "Critical cPanel &amp; WHM vulnerability (CVE-2026-41940) under active exploitation. Immediate patching required to prevent unauthorized access. 
#CyberSecurity #cPanel #WHM #VulnerabilityAlert Link: thedailytechfeed.com/cisa-alerts-...", "creation_timestamp": "2026-05-05T15:21:04.876582Z"}, {"uuid": "92c80899-aac6-43a2-bc77-c9a227ef28c0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/technadu.com/post/3ml4ifzf2vk2e", "content": "Critical cPanel & WHM flaw (CVE-2026-41940) is being actively exploited.\n550K+ servers at risk \u2192 auth bypass \u2192 ransomware.\n\nAre you patched? #CyberSecurity", "creation_timestamp": "2026-05-05T15:21:30.857430Z"}, {"uuid": "50c0a416-108b-4813-8381-b2c29b2e68fd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/crustytldr.bsky.social/post/3ml4dzqow2e2u", "content": "\ud83d\udd12 The CPanel Zero-Day Was Active for 64 Days Before Anyone Knew\n\nA critical cPanel zero-day vulnerability (CVE-2026-41940) was actively exploited for 64 days, starting in February 2026, bef...\n\nhttps://is.gd/ttqQu7 #CyberSecurity #InfoSec #CrustyTLDR", "creation_timestamp": "2026-05-05T14:02:29.995602Z"}, {"uuid": "e7b5a35d-5328-49fa-9001-ac4d825529bf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/technadu.com/post/3ml4igiopts2e", "content": "Critical cPanel & WHM flaw (CVE-2026-41940) is being actively exploited.\n550K+ servers at risk \u2192 auth bypass \u2192 ransomware.\n\nAre you patched? 
#CyberSecurity", "creation_timestamp": "2026-05-05T15:21:31.397471Z"}, {"uuid": "0444443b-a672-4289-9cf3-0738062f8eac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3ml4p7ogfzk2z", "content": "3/ \u26a0\ufe0f cPanel CVE-2026-41940 (auth bypass) exploited within 24 hours. 44,000 IPs compromised. Targets: Philippines & Laos government domains, MSPs globally. Mirai botnet + ransomware \"Sorry\" already in the wild. Patch immediately.", "creation_timestamp": "2026-05-05T17:22:42.708303Z"}, {"uuid": "96b784d6-bae1-4f48-bf1c-e0bd32c78b29", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/groovysecurity.bsky.social/post/3ml4j7gaprw2q", "content": "MOVEit Automation patched yesterday \u2014 CVE-2026-4670 + CVE-2026-5174, pre-auth chain to admin.\n\nTwo months back, cPanel CVE-2026-41940: 40K servers exploited from Feb 23, patch April 30.\n\nA version banner says \"remediated.\" Whether the exploit still runs on your config is a different question.", "creation_timestamp": "2026-05-05T15:35:10.210184Z"}, {"uuid": "7073712a-03de-44e7-9324-e963a6de4ebb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3ml4mf6xxdk2c", "content": "Critical cPanel vulnerability CVE-2026-41940 exploited to target government and MSP networks. Immediate patching recommended. 
#CyberSecurity #cPanel #Vulnerability #MSP #GovernmentSecurity Link: thedailytechfeed.com/cpanel-vulne...", "creation_timestamp": "2026-05-05T16:32:05.343402Z"}, {"uuid": "71ff0253-cc19-4e6f-a7a3-0b5cc91623b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/thedailytechfeed.com/post/3ml4ndkv4ys2i", "content": "Urgent: Hackers are exploiting a critical cPanel vulnerability (CVE-2026-41940), compromising thousands of websites. Ensure your servers are patched immediately. #CyberSecurity #cPanel #WebHosting Link: thedailytechfeed.com/cpanel-vulne...", "creation_timestamp": "2026-05-05T16:49:05.607438Z"}, {"uuid": "a56e5ec6-82b9-43cd-b165-d431bed21ca6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3ml4p7ogntk2z", "content": "3/ \u26a0\ufe0f cPanel CVE-2026-41940 (auth bypass) exploited within 24 hours. 44,000 IPs compromised. Targets: Philippines & Laos government domains, MSPs globally. Mirai botnet + ransomware \"Sorry\" already in the wild. Patch immediately.", "creation_timestamp": "2026-05-05T17:22:46.457961Z"}, {"uuid": "71d4fac6-eaea-405e-a074-61140cc33980", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3ml4p7ogps22z", "content": "3/ \u26a0\ufe0f cPanel CVE-2026-41940 (auth bypass) exploited within 24 hours. 44,000 IPs compromised. Targets: Philippines & Laos government domains, MSPs globally. Mirai botnet + ransomware \"Sorry\" already in the wild. 
Patch immediately.", "creation_timestamp": "2026-05-05T17:22:47.083244Z"}, {"uuid": "e8194569-9c8e-4352-b771-a908b862ff74", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3ml4p7ogqrc2z", "content": "3/ \u26a0\ufe0f cPanel CVE-2026-41940 (auth bypass) exploited within 24 hours. 44,000 IPs compromised. Targets: Philippines & Laos government domains, MSPs globally. Mirai botnet + ransomware \"Sorry\" already in the wild. Patch immediately.", "creation_timestamp": "2026-05-05T17:22:48.429816Z"}, {"uuid": "c46a2cbb-556b-42b4-b154-e04519bf2f68", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/hacker.at.thenote.app/post/3ml4x7phous2g", "content": "Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940\n\nAttackers exploit a critical cPanel flaw to target government and MSP networks across Southeast Asia and several countries, including the U.S. and Canada. A threat actor is exploiting critical cPanel vuln\u2026\n#hackernews #news", "creation_timestamp": "2026-05-05T19:45:51.611145Z"}, {"uuid": "e4dd5ed9-6aaa-45da-b19a-63fccc6de3f3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3ml4p7ogrqk2z", "content": "3/ \u26a0\ufe0f cPanel CVE-2026-41940 (auth bypass) exploited within 24 hours. 44,000 IPs compromised. Targets: Philippines & Laos government domains, MSPs globally. Mirai botnet + ransomware \"Sorry\" already in the wild. 
Patch immediately.", "creation_timestamp": "2026-05-05T17:22:50.842604Z"}, {"uuid": "f38fad47-a8ff-40db-ad5a-42b2ef24064b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3ml4p7ogsps2z", "content": "3/ \u26a0\ufe0f cPanel CVE-2026-41940 (auth bypass) exploited within 24 hours. 44,000 IPs compromised. Targets: Philippines & Laos government domains, MSPs globally. Mirai botnet + ransomware \"Sorry\" already in the wild. Patch immediately.", "creation_timestamp": "2026-05-05T17:22:51.577168Z"}, {"uuid": "0a2c40d8-3c97-4111-a0ac-0da7d1f5df04", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3ml4p7ogvnk2z", "content": "3/ \u26a0\ufe0f cPanel CVE-2026-41940 (auth bypass) exploited within 24 hours. 44,000 IPs compromised. Targets: Philippines & Laos government domains, MSPs globally. Mirai botnet + ransomware \"Sorry\" already in the wild. Patch immediately.", "creation_timestamp": "2026-05-05T17:22:52.804899Z"}, {"uuid": "c3a3f98d-c422-420f-83e7-05787afe821e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3ml4p7ogwms2z", "content": "3/ \u26a0\ufe0f cPanel CVE-2026-41940 (auth bypass) exploited within 24 hours. 44,000 IPs compromised. Targets: Philippines & Laos government domains, MSPs globally. Mirai botnet + ransomware \"Sorry\" already in the wild. 
Patch immediately.", "creation_timestamp": "2026-05-05T17:22:54.901427Z"}, {"uuid": "1f483337-f842-4585-8191-7ae872d48f4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3ml4p7ogwmt2z", "content": "3/ \u26a0\ufe0f cPanel CVE-2026-41940 (auth bypass) exploited within 24 hours. 44,000 IPs compromised. Targets: Philippines & Laos government domains, MSPs globally. Mirai botnet + ransomware \"Sorry\" already in the wild. Patch immediately.", "creation_timestamp": "2026-05-05T17:22:56.418745Z"}, {"uuid": "4e51c9c5-7e85-4137-95d9-c7e15f9af919", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3ml4p7ogyld2z", "content": "3/ \u26a0\ufe0f cPanel CVE-2026-41940 (auth bypass) exploited within 24 hours. 44,000 IPs compromised. Targets: Philippines & Laos government domains, MSPs globally. Mirai botnet + ransomware \"Sorry\" already in the wild. Patch immediately.", "creation_timestamp": "2026-05-05T17:22:57.513494Z"}, {"uuid": "575e27a9-bd38-4df2-ba34-7b9446fd4daf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://gist.github.com/mrjhnsn/5bceea4afa2ce5815a44fd7a5f7732d7", "content": "#!/bin/bash\n# Scan for compromised cPanel/WHM session files.\n#\n# Each check function inspects a single session file and, if the IOC\n# matches, calls report_finding with a severity. 
report_finding records\n# the finding, prints a one-line header, and dumps the session for triage.\n# A summary of all findings (grouped by severity) is printed at the end.\n\n\n# Default paths\nSESSIONS_DIR=\"/var/cpanel/sessions\"\nACCESS_LOG=\"/usr/local/cpanel/logs/access_log\"\n\n# Flags\nVERBOSE=0\nPURGE=0\nASSUME_YES=0\n\n# Parse flags\nwhile [ $# -gt 0 ]; do\n    case \"$1\" in\n        --verbose)\n            VERBOSE=1\n            ;;\n        --purge)\n            PURGE=1\n            ;;\n        --yes|-y)\n            ASSUME_YES=1\n            ;;\n        --sessions-dir)\n            SESSIONS_DIR=\"$2\"; shift\n            ;;\n        --access-log)\n            ACCESS_LOG=\"$2\"; shift\n            ;;\n        --help|-h)\n            echo \"Usage: $0 [--verbose] [--purge [--yes]] [--sessions-dir DIR] [--access-log FILE]\"\n            exit 0\n            ;;\n        *)\n            echo \"Unknown argument: $1\" >&2\n            exit 1\n            ;;\n    esac\n    shift\ndone\n\n# Findings accumulator. 
Each entry: \"SEVERITY|session_file|short_message\"\nFINDINGS=()\n# Ordered list of unique session files that produced findings.\nFINDING_SESSIONS=()\n# Parallel array: token value associated with each entry in FINDING_SESSIONS\n# (first non-empty token seen for that session).\nFINDING_TOKENS=()\n# Parallel array: highest severity reported for each session (by index)\nFINDING_SEVERITIES=()\nCOUNT_CRITICAL=0\nCOUNT_WARNING=0\nCOUNT_INFO=0\nCOUNT_ATTEMPT=0\n\n# ---------------------------------------------------------------------------\n# Helpers\n# ---------------------------------------------------------------------------\n\n# Extract the value of a key=value line from a session file (first match).\n# Use: get_field  \nget_field() {\n    local file=\"$1\" key=\"$2\"\n    grep \"^${key}=\" \"$file\" | head -1 | cut -d= -f2-\n}\n\nhr() {\n    echo \"    ----------------------------------------------------------------\"\n}\n\n# Dump full contents of a session file plus related context (matching\n# pre-auth file, access_log hits for the injected token, file metadata).\n# Use: dump_session  [token_value]\ndump_session() {\n    local session_file=\"$1\"\n    local token_val=\"$2\"\n    local session_name preauth_file\n    session_name=$(basename \"$session_file\")\n    preauth_file=\"$SESSIONS_DIR/preauth/$session_name\"\n\n    hr\n    echo \"    SESSION DUMP: $session_file\"\n    hr\n    echo \"    File metadata:\"\n    ls -la \"$session_file\" 2>/dev/null | sed 's/^/      /'\n    echo\n    echo \"    Full session contents:\"\n    sed 's/^/      /' \"$session_file\"\n    echo\n\n    if [ -f \"$preauth_file\" ]; then\n        echo \"    Matching pre-auth file: $preauth_file\"\n        ls -la \"$preauth_file\" 2>/dev/null | sed 's/^/      /'\n        echo \"    Pre-auth contents:\"\n        sed 's/^/      /' \"$preauth_file\"\n        echo\n    fi\n\n    if [ -n \"$token_val\" ] && [ -r \"$ACCESS_LOG\" ]; then\n        echo \"    Access log hits for token 
'$token_val':\"\n        grep -aF -- \"$token_val\" \"$ACCESS_LOG\" | sed 's/^/      /' || echo \"      (none)\"\n        echo\n    fi\n    hr\n}\n\n# Record a finding and print a brief header line. The full session dump is\n# deferred to print_summary so that multiple findings for the same session\n# are grouped together and the session is only dumped once. When the same\n# session matches multiple IOCs at different severities, only the highest\n# (CRITICAL > WARNING > ATTEMPT > INFO) is kept.\n# Use: report_finding    \n# SEVERITY is one of: CRITICAL, WARNING, ATTEMPT, INFO\nreport_finding() {\n    local severity=\"$1\"\n    local session_file=\"$2\"\n    local token_val=\"$3\"\n    local message=\"$4\"\n\n    # Severity ranking: CRITICAL=3, WARNING=2, ATTEMPT=1, INFO=0\n    local sev_rank=0\n    case \"$severity\" in\n        CRITICAL) sev_rank=3 ;;\n        WARNING)  sev_rank=2 ;;\n        ATTEMPT)  sev_rank=1 ;;\n        INFO)     sev_rank=0 ;;\n    esac\n\n    local i found=0 prev_sev prev_rank\n    for i in \"${!FINDING_SESSIONS[@]}\"; do\n        if [ \"${FINDING_SESSIONS[$i]}\" = \"$session_file\" ]; then\n            found=1\n            prev_sev=\"${FINDING_SEVERITIES[$i]}\"\n            case \"$prev_sev\" in\n                CRITICAL) prev_rank=3 ;;\n                WARNING)  prev_rank=2 ;;\n                ATTEMPT)  prev_rank=1 ;;\n                INFO)     prev_rank=0 ;;\n            esac\n            if [ \"$sev_rank\" -le \"$prev_rank\" ]; then\n                # Existing finding is at least as severe; ignore.\n                return\n            fi\n            # Upgrade in place: replace severity, token, FINDINGS entry,\n            # and roll back the previous severity counter so the new one\n            # can be incremented below without double-counting.\n            FINDING_SEVERITIES[$i]=\"$severity\"\n            [ -n \"$token_val\" ] && FINDING_TOKENS[$i]=\"$token_val\"\n            local j\n            for j in 
\"${!FINDINGS[@]}\"; do\n                local entry=\"${FINDINGS[$j]}\"\n                local entry_sev=\"${entry%%|*}\"\n                local entry_file=\"${entry#*|}\"; entry_file=\"${entry_file%%|*}\"\n                if [ \"$entry_file\" = \"$session_file\" ] && [ \"$entry_sev\" = \"$prev_sev\" ]; then\n                    FINDINGS[$j]=\"${severity}|${session_file}|${message}\"\n                    break\n                fi\n            done\n            case \"$prev_sev\" in\n                CRITICAL) COUNT_CRITICAL=$((COUNT_CRITICAL - 1)) ;;\n                WARNING)  COUNT_WARNING=$((COUNT_WARNING - 1))   ;;\n                ATTEMPT)  COUNT_ATTEMPT=$((COUNT_ATTEMPT - 1))   ;;\n                INFO)     COUNT_INFO=$((COUNT_INFO - 1))         ;;\n            esac\n            break\n        fi\n    done\n\n    if [ \"$found\" -eq 0 ]; then\n        FINDING_SESSIONS+=(\"$session_file\")\n        FINDING_TOKENS+=(\"$token_val\")\n        FINDING_SEVERITIES+=(\"$severity\")\n        FINDINGS+=(\"${severity}|${session_file}|${message}\")\n    fi\n\n    case \"$severity\" in\n        CRITICAL) COUNT_CRITICAL=$((COUNT_CRITICAL + 1)) ;;\n        WARNING)  COUNT_WARNING=$((COUNT_WARNING + 1))   ;;\n        ATTEMPT)  COUNT_ATTEMPT=$((COUNT_ATTEMPT + 1))   ;;\n        INFO)     COUNT_INFO=$((COUNT_INFO + 1))         ;;\n    esac\n\n    echo \"[${severity}] ${message}: ${session_file}\"\n}\n\n# ---------------------------------------------------------------------------\n# IOC checks\n# ---------------------------------------------------------------------------\n\n# IOC 0: token_denied counter alongside cp_security_token, in a session\n# whose origin is badpass or otherwise non-benign.\n#\n# - token_denied is incremented by do_token_denied() (cpsrvd.pl:3821)\n#   every time a request supplies the wrong cp_security_token. 
The\n#   session is killed on the third failure.\n# - cp_security_token itself is set by newsession() unconditionally\n#   while security tokens are enabled (Cpanel/Server.pm:2290), so its\n#   presence is NOT by itself an IOC. The pair (token_denied,\n#   cp_security_token) tells us only that someone is actively trying\n#   tokens against this session.\n#\n# Auth markers (successful_*_auth_with_timestamp, hasroot=1,\n# tfa_verified=1, or an access_log hit on the security token) cannot\n# legitimately appear in a badpass session: the badpass call site\n# (Cpanel/Server.pm:1244-1252) doesn't pass them, hasroot is not even\n# in _SESSION_PARTS (Cpanel/Server.pm:2216-2247), and tfa_verified is\n# forced to 0 unless the caller passes a truthy value (line 2295).\n#\n# Severity tiers:\n#   CRITICAL - badpass origin AND auth markers present (post-exploit)\n#   INFO     - badpass origin, no auth markers, pass looks like a real\n#              encoded password (likely an unrelated failed login that\n#              happened to receive bad-token traffic)\n#   WARNING  - origin is neither badpass nor a known-benign method\n#              (handle_form_login, create_user_session,\n#              handle_auth_transfer); the suspicious origin itself is\n#              the IOC\n#\n# Legitimate badpass sessions never carry a pass= line (the badpass\n# call site at Cpanel/Server.pm:1244-1252 does not pass `pass` to\n# newsession, and saveSession only writes pass= when length is\n# non-zero - Cpanel/Session.pm:181). 
When we see one anyway we defer\n# classification to IOC 5 (check_failed_exploit_attempt), which flags\n# it as ATTEMPT.\ncheck_token_denied_with_injected_token() {\n    local session_file=\"$1\"\n\n    grep -q '^token_denied='      \"$session_file\" || return\n    grep -q '^cp_security_token=' \"$session_file\" || return\n\n    local token_val external_auth internal_auth hasroot tfa used\n    token_val=$(get_field      \"$session_file\" cp_security_token)\n    external_auth=$(get_field  \"$session_file\" successful_external_auth_with_timestamp)\n    internal_auth=$(get_field  \"$session_file\" successful_internal_auth_with_timestamp)\n    hasroot=$(get_field        \"$session_file\" hasroot)\n    tfa=$(get_field            \"$session_file\" tfa_verified)\n    used=\"\"\n    if [ -r \"$ACCESS_LOG\" ]; then\n        used=$(grep -aF -- \"$token_val\" \"$ACCESS_LOG\" | grep -m1 \" 200 \")\n    fi\n\n    local has_auth_markers=0\n    if [ -n \"$external_auth\" ] || [ -n \"$internal_auth\" ] \\\n       || [ \"$hasroot\" = \"1\" ] || [ \"$tfa\" = \"1\" ] || [ -n \"$used\" ]; then\n        has_auth_markers=1\n    fi\n\n    if grep -q '^origin_as_string=.*method=badpass' \"$session_file\"; then\n        if [ \"$has_auth_markers\" -eq 1 ]; then\n            report_finding CRITICAL \"$session_file\" \"$token_val\" \\\n                \"Exploitation artifact - token_denied with injected cp_security_token (badpass origin, token used)\"\n        else\n            # A pass= line on a badpass session is itself anomalous;\n            # defer to IOC 5 (ATTEMPT).\n            if grep -q '^pass=' \"$session_file\"; then\n                return\n            fi\n            report_finding INFO \"$session_file\" \"$token_val\" \\\n                \"Possible injected session (badpass origin, no usage observed)\"\n        fi\n    elif grep -q '^origin_as_string=.*method=handle_form_login' \"$session_file\" || \\\n         grep -q '^origin_as_string=.*method=create_user_session' 
\"$session_file\" || \\\n         grep -q '^origin_as_string=.*method=handle_auth_transfer' \"$session_file\"; then\n        # Known-benign origins where token_denied + cp_security_token\n        # genuinely happens during normal use.\n        return\n    else\n        report_finding WARNING \"$session_file\" \"$token_val\" \\\n            \"Suspicious session with token_denied + cp_security_token (non-badpass origin)\"\n    fi\n}\n\n# IOC 1: A session that still has its pre-auth marker file but already\n# contains an auth-success timestamp (external or internal).\n#\n# write_session creates $SESSIONS_DIR/preauth/ when the\n# session is written with needs_auth=1, and removes that marker once\n# needs_auth is cleared on promotion (Cpanel/Session.pm:225-235). A\n# legitimately authenticated session therefore never has both the\n# preauth marker and an auth-success timestamp at the same time.\n#\n# Both successful_external_auth_with_timestamp and\n# successful_internal_auth_with_timestamp are checked: the original\n# poc.py payload injects the external variant; the watchtowr payload\n# (poc/poc_watchtowr.py:35) injects the internal variant.\ncheck_preauth_with_auth_attrs() {\n    local session_file=\"$1\"\n    local session_name preauth_file\n    session_name=$(basename \"$session_file\")\n    preauth_file=\"$SESSIONS_DIR/preauth/$session_name\"\n\n    [ -f \"$preauth_file\" ] || return\n\n    local marker\n    if grep -qE '^successful_external_auth_with_timestamp=' \"$session_file\"; then\n        marker=\"successful_external_auth_with_timestamp\"\n    elif grep -qE '^successful_internal_auth_with_timestamp=' \"$session_file\"; then\n        marker=\"successful_internal_auth_with_timestamp\"\n    else\n        return\n    fi\n\n    report_finding CRITICAL \"$session_file\" \\\n        \"$(get_field \"$session_file\" cp_security_token)\" \\\n        \"Injected session - ${marker} present in pre-auth session\"\n}\n\n# IOC 2: tfa_verified=1 outside of a legitimate 
origin method.\n#\n# tfa_verified=1 is set in only two places:\n#   - Cpanel/Security/Authn/TwoFactorAuth/Verify.pm:122, after a real\n#     TFA token validation succeeds.\n#   - Cpanel/Server.pm:2295, when a caller passes tfa_verified=1 to\n#     newsession().\n# In both cases the legitimate origin method is one of handle_form_login,\n# create_user_session, or handle_auth_transfer. tfa_verified=1 with any\n# other origin (notably badpass) cannot occur in a benign flow.\ncheck_tfa_with_bad_origin() {\n    local session_file=\"$1\"\n\n    grep -qE '^tfa_verified=1$' \"$session_file\" || return\n    grep -q '^origin_as_string=.*method=handle_form_login'    \"$session_file\" &amp;&amp; return\n    grep -q '^origin_as_string=.*method=create_user_session'  \"$session_file\" &amp;&amp; return\n    grep -q '^origin_as_string=.*method=handle_auth_transfer' \"$session_file\" &amp;&amp; return\n\n    report_finding WARNING \"$session_file\" \\\n        \"$(get_field \"$session_file\" cp_security_token)\" \\\n        \"Session with tfa_verified=1 but suspicious origin\"\n}\n\n# IOC 3: Session file contains a line that is not in `key=value` form.\n#\n# Three structural invariants together guarantee that every legitimate\n# line matches ^[A-Za-z_][A-Za-z0-9_]*=:\n#\n#   1. write_session serializes via Cpanel::Config::FlushConfig::flushConfig\n#      with '=' as the separator (Cpanel/Session.pm:221), so the on-disk\n#      format is one key=value pair per line.\n#   2. Keys come from a fixed whitelist (_SESSION_PARTS at\n#      Cpanel/Server.pm:2216-2247, applied at lines 2268-2270), so they\n#      always match the identifier shape above.\n#   3. Cpanel::Session::filter_sessiondata strips \\r\\n from every value\n#      (Cpanel/Session.pm:315) and additionally strips \\r\\n=, from origin\n#      sub-values (line 312), so values can never re-introduce line\n#      breaks. 
The `pass` value is additionally encoded by saveSession\n#      (Cpanel/Session.pm:181-189) into either lowercase hex (with-secret\n#      via Cpanel::Session::Encoder->encode_data) or the literal prefix\n#      `no-ob:` followed by lowercase hex (no-secret via\n#      Cpanel::Session::Encoder->hex_encode_only), so it cannot\n#      reintroduce structural characters either.\n#\n# Any non-blank line that fails the regex is the footprint of an\n# injection that bypassed these invariants - typically raw payload bytes\n# that didn't form valid key=value pairs. Note: an injection whose\n# smuggled lines DO match key=value (e.g. the watchtowr payload at\n# poc/poc_watchtowr.py:35, which fabricates successful_internal_auth_\n# with_timestamp/user/tfa_verified/hasroot lines) will not trip this\n# check; it is caught by IOC-0 and IOC-4 instead.\ncheck_malformed_session_line() {\n    local session_file=\"$1\"\n\n    # Look for any non-blank line that doesn't start with key=...\n    grep -nE -v '^[A-Za-z_][A-Za-z0-9_]*=|^[[:space:]]*$' \"$session_file\" >/dev/null 2>&1 || return\n\n    report_finding CRITICAL \"$session_file\" \\\n        \"$(get_field \"$session_file\" cp_security_token)\" \\\n        \"Malformed session line(s) detected (not key=value - newline injection footprint)\"\n}\n\n# IOC 4: badpass origin combined with markers that no legitimate cpsrvd\n# code path writes into a badpass session.\n#\n# The badpass call site (Cpanel/Server.pm:1244-1252) is:\n#\n#   $randsession = $self->newsession(\n#       'needs_auth' => 1,\n#       %security_token_options,            # adds cp_security_token\n#       'origin' => { 'method' => 'badpass' },\n#   );\n#\n# %security_token_options is why badpass sessions legitimately carry\n# cp_security_token, but no auth-related options are ever supplied.\n# newsession() filters %OPTS through the _SESSION_PARTS whitelist\n# (Cpanel/Server.pm:2216-2247, applied at lines 2268-2270), so any key\n# not in that 
whitelist cannot land in the session via newsession at\n# all. Per marker:\n#\n#   successful_external_auth_with_timestamp - whitelisted, but the\n#       badpass caller doesn't pass it\n#   successful_internal_auth_with_timestamp - same\n#   tfa_verified=1 - newsession unconditionally writes 0 unless the\n#       caller passed a truthy value (Cpanel/Server.pm:2295), and the\n#       badpass caller doesn't\n#   hasroot=1 - NOT in _SESSION_PARTS, so newsession cannot write it\n#       for ANY session. A repo-wide grep finds no caller of\n#       Cpanel::Session::Modify->set('hasroot', ...) either: hasroot is\n#       never written to a session by legitimate code. Its presence in\n#       any session file is conclusive evidence of newline injection\n#       (the watchtowr payload at poc/poc_watchtowr.py:35 smuggles\n#       hasroot=1 via \\r\\n in a user-controlled field).\ncheck_badpass_with_auth_markers() {\n    local session_file=\"$1\"\n\n    grep -q '^origin_as_string=.*method=badpass' \"$session_file\" || return\n\n    local markers=()\n    grep -q '^successful_external_auth_with_timestamp=' \"$session_file\" \\\n        && markers+=(\"successful_external_auth_with_timestamp\")\n    grep -q '^successful_internal_auth_with_timestamp=' \"$session_file\" \\\n        && markers+=(\"successful_internal_auth_with_timestamp\")\n    grep -qE '^hasroot=1$'      \"$session_file\" && markers+=(\"hasroot=1\")\n    grep -qE '^tfa_verified=1$' \"$session_file\" && markers+=(\"tfa_verified=1\")\n\n    [ \"${#markers[@]}\" -gt 0 ] || return\n\n    local joined\n    joined=$(IFS=,; echo \"${markers[*]}\")\n    report_finding CRITICAL \"$session_file\" \\\n        \"$(get_field \"$session_file\" cp_security_token)\" \\\n        \"badpass origin combined with authenticated markers ($joined) - impossible in benign flow\"\n}\n\n# IOC 5: Failed exploit attempt - a badpass session that carries a\n# pass= line, a token_denied counter, and no auth 
markers.\n#\n# A legitimate badpass session is created at Cpanel/Server.pm:1244-1252:\n#\n#   $randsession = $self->newsession(\n#       'needs_auth' => 1,\n#       %security_token_options,\n#       'origin' => { 'method' => 'badpass' },\n#   );\n#\n# %security_token_options carries only cp_security_token,\n# requested_token_at_next_login, and previous_session_user\n# (Cpanel/Server.pm:1205-1226) - never `pass`. saveSession only\n# writes a pass= line when length($session_ref->{pass}) is non-zero\n# (Cpanel/Session.pm:181), so legitimate badpass sessions have no\n# pass= line at all.\n#\n# An exploit that tampers with a user-controlled field on a\n# badpass-bound request leaves a pass= line behind (saveSession\n# encodes it as `` or `no-ob:` per Cpanel/Session.pm:181-189,\n# but the format is irrelevant - its presence is the indicator). Combined\n# with token_denied (someone was poking at cp_security_token) and the\n# absence of auth markers (the injection didn't promote - otherwise\n# IOC-0 or IOC-4 fires CRITICAL), this is the signature of a failed\n# exploit attempt.\ncheck_failed_exploit_attempt() {\n    local session_file=\"$1\"\n\n    grep -q '^origin_as_string=.*method=badpass' \"$session_file\" || return\n    grep -q '^token_denied=' \"$session_file\" || return\n\n    # If auth markers are present, IOC-4 (CRITICAL) handles it.\n    grep -q '^successful_internal_auth_with_timestamp=' \"$session_file\" && return\n    grep -q '^successful_external_auth_with_timestamp=' \"$session_file\" && return\n\n    # Legitimate badpass sessions never carry pass=.\n    grep -q '^pass=' \"$session_file\" || return\n\n    report_finding ATTEMPT \"$session_file\" \"$(get_field \"$session_file\" cp_security_token)\" \\\n        \"Failed exploit attempt (badpass origin, token_denied, no auth markers, anomalous pass= line)\"\n}\n\n# Inspect a *.lock file (Cpanel::SafeFile dotlock) and confirm it looks\n# like a real lock before silently skipping 
it.\n#\n# Cpanel::Session uses Cpanel::SafeFile to write the session file to\n# disk (serialization itself is handled in the session code). SafeFile\n# creates a sibling dotlock at .lock for the duration of every\n# write and, on crash/abort, may leave it behind permanently. The lock contents\n# are written by Cpanel::SafeFileLock::write_lock_contents as \"$$\\n$0\\n\"\n# - first line is the PID, second line is the program name. These are\n# not key=value pairs, so without a guard they trip\n# check_malformed_session_line as a CRITICAL false positive.\n#\n# The CVE-2026-41940 exploit vector is the session file content, not the\n# lock file, so a lock file that doesn't look right is not by itself an\n# exploitation indicator. Emit a stderr notice for operator awareness and\n# leave the SCAN SUMMARY counters alone.\ncheck_lock_file() {\n    local lock_file=\"$1\"\n    local first_line\n    first_line=$(grep -m1 -v '^[[:space:]]*$' \"$lock_file\" 2>/dev/null)\n    if [[ \"$first_line\" =~ ^[0-9]+$ ]]; then\n        return\n    fi\n    echo \"[NOTICE] Skipping unexpected .lock contents: $lock_file\" >&2\n}\n\n# ---------------------------------------------------------------------------\n# Main\n# ---------------------------------------------------------------------------\n\nscan_sessions() {\n    local session_file\n    while IFS= read -r -d '' session_file; do\n        # SafeFile dotlocks come in two forms: .lock (the\n        # final lock) and .lock- (the temp\n        # name SafeFile writes before atomic-renaming into place; it\n        # can also be left behind on crash). Skip both.\n        #\n        # Vim creates a .swp swap file alongside any file it opens,\n        # so an operator inspecting a session in vim leaves one\n        # behind. 
The format is binary and not a session.\n        case \"$session_file\" in\n            *.lock | *.lock-*)\n                check_lock_file \"$session_file\"\n                continue\n                ;;\n            *.swp)\n                continue\n                ;;\n        esac\n        check_token_denied_with_injected_token \"$session_file\"\n        check_preauth_with_auth_attrs          \"$session_file\"\n        check_tfa_with_bad_origin              \"$session_file\"\n        check_malformed_session_line           \"$session_file\"\n        check_badpass_with_auth_markers        \"$session_file\"\n        check_failed_exploit_attempt           \"$session_file\"\n    done < <(find \"$SESSIONS_DIR/raw\" -type f -print0 2>/dev/null)\n}\n\n\nprint_summary() {\n    local total=$((COUNT_CRITICAL + COUNT_WARNING + COUNT_INFO + COUNT_ATTEMPT))\n\n    echo\n    echo \"=================================================================\"\n    echo \"                       SCAN SUMMARY\"\n    echo \"=================================================================\"\n    echo \"  CRITICAL findings: $COUNT_CRITICAL\"\n    echo \"  WARNING  findings: $COUNT_WARNING\"\n    echo \"  ATTEMPT  findings: $COUNT_ATTEMPT\"\n    echo \"  INFO     findings: $COUNT_INFO\"\n    echo \"  Total            : $total\"\n    echo \"-----------------------------------------------------------------\"\n\n    if [ \"$total\" -eq 0 ]; then\n        echo \"[+] No indicators of compromise found.\"\n        return\n    fi\n\n    # --purge has destructive blast radius (live session files for every\n    # logged-in user). Require either --yes for non-interactive use, or\n    # an explicit \"yes\" at an attached TTY.\n    if [ \"$PURGE\" -eq 1 ] && [ \"$ASSUME_YES\" -ne 1 ]; then\n        if [ ! 
-t 0 ]; then\n            echo \"[ERROR] --purge requires --yes when stdin is not a TTY (cron, pipes, etc)\" >&2\n            echo \"        Re-run with --yes to confirm deletion.\" >&2\n            exit 64\n        fi\n        echo\n        echo \"About to delete ${#FINDING_SESSIONS[@]} session file(s) plus matching preauth markers.\"\n        local confirm=\"\"\n        read -r -p \"Type 'yes' to confirm: \" confirm\n        if [ \"$confirm\" != \"yes\" ]; then\n            echo \"[+] Aborted; no files deleted.\"\n            PURGE=0\n        fi\n    fi\n\n\n    # For each unique session, print only the highest-severity finding, then dump/purge as needed.\n    local i session token severity message found=0\n    for i in \"${!FINDING_SESSIONS[@]}\"; do\n        session=\"${FINDING_SESSIONS[$i]}\"\n        token=\"${FINDING_TOKENS[$i]}\"\n        severity=\"${FINDING_SEVERITIES[$i]}\"\n        found=0\n        # Find the first matching finding for this session and severity.\n        # Use `read` with three names so the last variable (entry_msg)\n        # absorbs any remaining `|` characters - the previous `${var##*|}`\n        # form took only the suffix after the LAST `|`, which would\n        # silently truncate any future message that contained one.\n        for entry in \"${FINDINGS[@]}\"; do\n            local entry_sev entry_file entry_msg\n            IFS='|' read -r entry_sev entry_file entry_msg <<< \"$entry\"\n            if [ \"$entry_file\" = \"$session\" ] && [ \"$entry_sev\" = \"$severity\" ]; then\n                message=\"$entry_msg\"\n                found=1\n                break\n            fi\n        done\n        echo\n        echo \"=================================================================\"\n        echo \"  SESSION: $session\"\n        echo \"=================================================================\"\n        echo \"  Findings:\"\n        if [ \"$found\" -eq 1 ]; then\n            printf \" 
   [%-8s] %s\\n\" \"$severity\" \"$message\"\n        else\n            printf \"    [%-8s] %s\\n\" \"$severity\" \"(no message found)\"\n        fi\n        echo\n        if [ \"$VERBOSE\" -eq 1 ]; then\n            dump_session \"$session\" \"$token\"\n        fi\n        if [ \"$PURGE\" -eq 1 ]; then\n            echo \"    [ACTION] Deleting session file: $session\"\n            rm -f -- \"$session\"\n            local preauth_marker=\"$SESSIONS_DIR/preauth/$(basename \"$session\")\"\n            if [ -e \"$preauth_marker\" ]; then\n                echo \"    [ACTION] Deleting preauth marker: $preauth_marker\"\n                rm -f -- \"$preauth_marker\"\n            fi\n        fi\n    done\n\n    if [ \"$COUNT_CRITICAL\" -gt 0 ] || [ \"$COUNT_WARNING\" -gt 0 ]; then\n        echo\n        echo \"[!] INDICATORS OF COMPROMISE DETECTED - IMMEDIATE ACTION REQUIRED\"\n        echo \"    1. Purge all affected sessions\"\n        echo \"    2. Force password reset for root and all WHM users\"\n        echo \"    3. Audit /var/log/wtmp and WHM access logs for unauthorized access\"\n        echo \"    4. Check for persistence mechanisms (cron, SSH keys, backdoors)\"\n    fi\n}\n\nif [ ! 
-d \"$SESSIONS_DIR/raw\" ]; then\n    echo \"[ERROR] Sessions directory not found: $SESSIONS_DIR/raw\" >&2\n    echo \"        Pass --sessions-dir DIR to point at a different location\" >&2\n    echo \"        (the default is /var/cpanel/sessions).\" >&2\n    exit 64\nfi\n\necho \"[*] Scanning session files for injection indicators...\"\nscan_sessions\nprint_summary\n\n# Exit codes (for cron / monitoring):\n#   2 - at least one CRITICAL or WARNING finding (compromise indicators)\n#   1 - only ATTEMPT or INFO findings (probing, no confirmed compromise)\n#   0 - clean scan\nif [ \"$COUNT_CRITICAL\" -gt 0 ] || [ \"$COUNT_WARNING\" -gt 0 ]; then\n    exit 2\nelif [ \"$COUNT_ATTEMPT\" -gt 0 ] || [ \"$COUNT_INFO\" -gt 0 ]; then\n    exit 1\nfi\nexit 0", "creation_timestamp": "2026-05-05T22:15:49.000000Z"}, {"uuid": "57bac052-b56f-4ca3-9010-b6a54bedb800", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://t.me/thehackernews/8922", "content": "CVE-2026-41940 (cPanel) exploited within 24h\n\n\u2022 44,000 IPs linked to scanning/brute-force activity\n\u2022 Targets: Southeast Asia gov/military + MSPs\n\u2022 Enables auth bypass \u2192 full system control\n\u2022 Mirai variants and Sorry ransomware observed \n\nRead: https://thehackernews.com/2026/05/critical-cpanel-vulnerability.html", "creation_timestamp": "2026-05-04T09:29:14.000000Z"}, {"uuid": "f9d0c2f6-c21a-44d0-9a37-9200e40351c5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3ml5nsllfhs2z", "content": "Top 3 CVE for last 7 days:\nCVE-2026-31431: 561 interactions\nCVE-2026-41940: 122 interactions\nCVE-2026-3854: 42 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-41940: 40 
interactions\nCVE-2026-31431: 21 interactions\nCVE-2026-23918: 12 interactions\n", "creation_timestamp": "2026-05-06T02:30:08.374424Z"}, {"uuid": "705eb119-daea-4d0f-846e-1715097b70d4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/opsmatters.com/post/3ml5nypn3wc2z", "content": "The latest update for #BitSight includes \"The UK Government's Open Letter on #AI Cyber Threats Underscores the Need for Measurable Security\" and \"Critical Vulnerability Alert: CVE-2026-41940 in cPanel, WHM, and WP Squared\".\n \n#Cybersecurity #RiskManagement https://opsmtrs.com/43KoF0t", "creation_timestamp": "2026-05-06T02:33:32.366130Z"}, {"uuid": "ce2875c7-38d0-400e-b670-61a96bb21741", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/pigondrugs.bsky.social/post/3ml5gvniyjg2f", "content": "~Watchtowr~\nA critical auth bypass (CVE-2026-41940) in all supported cPanel & WHM versions allows root access and is actively exploited in the wild.\n-\nIOCs: CVE-2026-41940\n-\n#CVE202641940 #ThreatIntel #cPanel", "creation_timestamp": "2026-05-06T00:26:33.789260Z"}, {"uuid": "2066e949-de1d-43a6-991b-06d5f7f5d241", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://t.me/GithubRedTeam/82972", "content": "\ud83d\udea8 GitHub monitoring alert\n\n\ud83d\udea8 Keyword found: #CVE-2026\n\n\ud83d\udce6 Project name: cpanelCVE\n\ud83d\udc64 Project author: bughunt4me\n\ud83d\udee0 Language: Python\n\u2b50 Stars: 0  |  \ud83c\udf74 
Forks: 0\n\ud83d\udcc5 Updated: 2026-05-05 23:59:37\n\n\ud83d\udcdd Project description:\nCVE-2026-41940 Auto Root Login\n\n\ud83d\udd17 Click to visit the project", "creation_timestamp": "2026-05-06T00:00:05.000000Z"}, {"uuid": "dee7b349-b113-4e50-b8f9-68948d1afcb5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/cerberusit.bsky.social/post/3ml6lcbiaxn2q", "content": "In a shocking turn of events that surprised absolutely no one in the basement, CVE-2026-41940 has generously granted root-level control of 40,000 servers to anyone with a keyboard. This little gift affects government and critical infrastructure entities who somehow forgot that cP...\n\nRead full story", "creation_timestamp": "2026-05-06T11:17:51.688557Z"}, {"uuid": "09dd8ace-2c5f-4335-97d6-5f53570a4979", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-05-05)", "content": "", "creation_timestamp": "2026-05-05T00:00:00.000000Z"}, {"uuid": "725426a1-d428-4839-b2da-631fa9ed989b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3ml6ynj5ngs2h", "content": "4/ \ud83d\udd13 cPanel CVE-2026-41940 (CVSS 9.8) is being actively exploited. 1.5M servers exposed. Ransomware gang already running. CISA added it to KEV. If you run cPanel or WHM: PATCH. NOW. 
Not after this thread.", "creation_timestamp": "2026-05-06T15:16:49.681396Z"}, {"uuid": "572de9db-8fbd-4309-a573-7db9ccff7066", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/evilbitlabs.io/post/3ml6msxh5pz2l", "content": "New Threat Digest is up. VENOMOUS#HELPER (Securonix) deploys dual RMM on 80+ orgs. cPanel auth bypass (CVE-2026-41940) is in CISA KEV, deadline passed. APT28 keeps hijacking MikroTik and TP-Link routers to steal Microsoft 365 tokens.\n\nhttps://news.evilbitlabs.io/2026-05-06-evilbit-threat-digest/", "creation_timestamp": "2026-05-06T11:45:05.688630Z"}, {"uuid": "fc192128-5d4c-4135-95f1-c45bf1f16345", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.info.ve/post/3ml6pmig5dk2d", "content": "\ud83d\udfe2 How to fix the CVE-2026-41940 #vulnerability in cPanel/WHM: urgent security #patch for root #access www.newstecnicas.info.ve/2026/05/solu...", "creation_timestamp": "2026-05-06T12:35:09.409311Z"}, {"uuid": "9d68a5ef-b75e-4303-bc60-e553d85fa695", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/cwealthsentinel.bsky.social/post/3ml6rz7b7zz2o", "content": "Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940", "creation_timestamp": "2026-05-06T13:18:05.086627Z"}, {"uuid": "9f6f97c4-9738-4e36-bc04-521aa7115a8f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": 
"https://bsky.app/profile/sergioiker.bsky.social/post/3ml6ynj5x7c2h", "content": "4/ \ud83d\udd13 cPanel CVE-2026-41940 (CVSS 9.8) is being actively exploited. 1.5M servers exposed. Ransomware gang already running. CISA added it to KEV. If you run cPanel or WHM: PATCH. NOW. Not after this thread.", "creation_timestamp": "2026-05-06T15:16:50.283660Z"}, {"uuid": "ed1d78f4-ff57-4eee-b6c1-3ba3cb5a3f62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3ml6ynj5y6k2h", "content": "4/ \ud83d\udd13 cPanel CVE-2026-41940 (CVSS 9.8) is being actively exploited. 1.5M servers exposed. Ransomware gang already running. CISA added it to KEV. If you run cPanel or WHM: PATCH. NOW. Not after this thread.", "creation_timestamp": "2026-05-06T15:16:50.960329Z"}, {"uuid": "5d61dcd3-7c8e-4c61-8e65-dd7b62b0b78e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3ml6ynj5z5s2h", "content": "4/ \ud83d\udd13 cPanel CVE-2026-41940 (CVSS 9.8) is being actively exploited. 1.5M servers exposed. Ransomware gang already running. CISA added it to KEV. If you run cPanel or WHM: PATCH. NOW. Not after this thread.", "creation_timestamp": "2026-05-06T15:16:51.529400Z"}, {"uuid": "1535952c-58d9-4688-98b0-55557b1e6b54", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3ml6ynj62522h", "content": "4/ \ud83d\udd13 cPanel CVE-2026-41940 (CVSS 9.8) is being actively exploited. 1.5M servers exposed. Ransomware gang already running. CISA added it to KEV. 
If you run cPanel or WHM: PATCH. NOW. Not after this thread.", "creation_timestamp": "2026-05-06T15:16:52.058541Z"}, {"uuid": "bfbc4358-722a-4389-8023-7fa6db77d6c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3ml6ynj634c2h", "content": "4/ \ud83d\udd13 cPanel CVE-2026-41940 (CVSS 9.8) is being actively exploited. 1.5M servers exposed. Ransomware gang already running. CISA added it to KEV. If you run cPanel or WHM: PATCH. NOW. Not after this thread.", "creation_timestamp": "2026-05-06T15:16:52.610348Z"}, {"uuid": "1d2bf709-1669-4d4e-9d84-81792c8f8b3c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3ml6ynj634d2h", "content": "4/ \ud83d\udd13 cPanel CVE-2026-41940 (CVSS 9.8) is being actively exploited. 1.5M servers exposed. Ransomware gang already running. CISA added it to KEV. If you run cPanel or WHM: PATCH. NOW. Not after this thread.", "creation_timestamp": "2026-05-06T15:16:53.341268Z"}, {"uuid": "1716b310-6f23-4690-87f6-ebc82b1d9d52", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3ml6ynj643l2h", "content": "4/ \ud83d\udd13 cPanel CVE-2026-41940 (CVSS 9.8) is being actively exploited. 1.5M servers exposed. Ransomware gang already running. CISA added it to KEV. If you run cPanel or WHM: PATCH. NOW. 
Not after this thread.", "creation_timestamp": "2026-05-06T15:16:54.036168Z"}, {"uuid": "7b304cbe-4151-4caf-ac2b-c94541793bd4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sergioiker.bsky.social/post/3ml6ynj66232h", "content": "4/ \ud83d\udd13 cPanel CVE-2026-41940 (CVSS 9.8) is being actively exploited. 1.5M servers exposed. Ransomware gang already running. CISA added it to KEV. If you run cPanel or WHM: PATCH. NOW. Not after this thread.", "creation_timestamp": "2026-05-06T15:16:54.582599Z"}, {"uuid": "b5b96036-b3ac-4f17-bd28-b6fb98870e4a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "published-proof-of-concept", "source": "https://t.me/Securi3yTalent/224", "content": "CVE-2026\u201341940: Bug Bounty Hunter\u2019s Guide to cPanel\u2019s CRLF Authentication Bypass \n\nhttps://medium.com/the-malware-files/cve-2026-41940-bug-bounty-hunters-guide-to-cpanel-s-crlf-authentication-bypass-0d7155626136", "creation_timestamp": "2026-05-05T04:40:34.000000Z"}, {"uuid": "7118f082-dd02-43f0-b54c-8c3aa7e9a4cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://t.me/GithubRedTeam/83071", "content": "\ud83d\udea8 GitHub monitoring alert\n\n\ud83d\udea8 Keyword found: #CVE-2026\n\n\ud83d\udce6 Project name: CVE-2026-41940-Detection\n\ud83d\udc64 Project author: Unfold-Security\n\ud83d\udee0 Language: None\n\u2b50 Stars: 0  |  \ud83c\udf74 Forks: 0\n\ud83d\udcc5 Updated: 2026-05-06 12:11:50\n\n\ud83d\udcdd 
Project description:\nDetection signatures for CVE-2026-41940 and schemas for cPanel logs\n\n\ud83d\udd17 Click to visit the project", "creation_timestamp": "2026-05-06T15:00:04.000000Z"}, {"uuid": "b2ce6409-815d-43b7-9aa3-c87a0e5bc8c7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "exploited", "source": "https://t.me/information_security_channel/55210", "content": "Over 40,000 Servers Compromised in Ongoing cPanel Exploitation\nhttps://www.securityweek.com/over-40000-servers-compromised-in-ongoing-cpanel-exploitation/\n\nThe attacks likely target CVE-2026-41940, a recently patched zero-day leading to administrative access.\nThe post Over 40,000 Servers Compromised in Ongoing cPanel Exploitation (https://www.securityweek.com/over-40000-servers-compromised-in-ongoing-cpanel-exploitation/) appeared first on SecurityWeek (https://www.securityweek.com/).", "creation_timestamp": "2026-05-04T12:16:55.000000Z"}, {"uuid": "0aedfe8a-2fe7-4ecf-bfcf-2c0cdfca1265", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/infosecbot.bsky.social/post/3ml7iarx2pg2u", "content": "Rapid reaction gets you ahead. 
\n\n1 day before CISA added CVE-2026-41940 to KEV, an Authentication Bypass vulnerability in cPanel &amp; WHM, watchTowr clients were aware of their exposure.\n\nReach out via our website if yo\u2026\n\n\u2014 from @watchtowrcyber (https://x.com/watchtowrcyber/status/2052111836166721552)", "creation_timestamp": "2026-05-06T19:56:00.918021Z"}, {"uuid": "9107b26b-6f48-4a2e-bd49-51ea37bcdfe3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mla6bbmmbf2m", "content": "Top 3 CVE for last 7 days:\nCVE-2026-31431: 516 interactions\nCVE-2026-41940: 123 interactions\nCVE-2025-31431: 29 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-0300: 19 interactions\nCVE-2026-31431: 8 interactions\nCVE-2026-23918: 5 interactions\n", "creation_timestamp": "2026-05-07T02:29:59.371813Z"}, {"uuid": "1af7be2f-ee2a-453c-a4de-caec05be46bc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3ml7izdghqs2z", "content": "cPanel\u3068WHM\u306e\u91cd\u5927\u306a\u8106\u5f31\u6027\u304c\u6570\u30f6\u6708\u306b\u308f\u305f\u308a\u30bc\u30ed\u30c7\u30a4\u653b\u6483\u3068\u3057\u3066\u60aa\u7528\u3055\u308c\u3066\u3044\u305f\n\nCVE-2026-41940\uff08CVSS\u30b9\u30b3\u30a29.8\uff09\u3068\u3057\u3066\u8ffd\u8de1\u3055\u308c\u3066\u3044\u308b\u3053\u306e\u8106\u5f31\u6027\u306f\u30014\u670828\u65e5\u306b\u516c\u8868\u3055\u308c\u305f\u3002cPanel\u306f\u3001\u30d0\u30fc\u30b8\u30e7\u30f311.40\u4ee5\u964d\u306e\u3059\u3079\u3066\u306e\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u304c\u5f71\u97ff\u3092\u53d7\u3051\u308b\u3068 
\u8b66\u544a\u3057\u3001\u5373\u6642\u306e\u30d1\u30c3\u30c1\u9069\u7528\u3092\u4fc3\u3057\u305f\u304c\u3001\u6280\u8853\u7684\u306a\u60c5\u5831\u306f\u516c\u958b\u3057\u306a\u304b\u3063\u305f\u3002\n\n\u3053\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4e0a\u306e\u6b20\u9665\u306f\u30ed\u30b0\u30a4\u30f3\u30d5\u30ed\u30fc\u306b\u5f71\u97ff\u3092\u4e0e\u3048\u3001\u8a8d\u8a3c\u3055\u308c\u3066\u3044\u306a\u3044\u30ea\u30e2\u30fc\u30c8\u653b\u6483\u8005\u304c\u30b3\u30f3\u30c8\u30ed\u30fc\u30eb\u30d1\u30cd\u30eb\u3078\u306e\u7ba1\u7406\u8005\u6a29\u9650\u3092\u53d6\u5f97\u3057\u3001\u4e8b\u5b9f\u4e0a\u30b7\u30b9\u30c6\u30e0\u4e57\u3063\u53d6\u308a\u306b\u3064\u306a\u304c\u308b\u53ef\u80fd\u6027\u304c\u3042\u308b\u3002\n\n\u30ab\u30ca\u30c0\u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30bb\u30f3\u30bf\u30fc\u304c\u6307\u6458\u3059\u308b\u3088\u3046\u306b\u3001\u3053\u306e\u8106\u5f31\u6027\u3092\u60aa\u7528\u3055...", "creation_timestamp": "2026-05-06T20:09:47.101075Z"}, {"uuid": "a0967624-1762-4d19-a66c-4685f5bd4e88", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/kitafox.bsky.social/post/3ml7z7q66wr26", "content": "CISA\u304c\u65e2\u77e5\u306e\u60aa\u7528\u3055\u308c\u305f\u8106\u5f31\u6027\u30921\u4ef6\u30ab\u30bf\u30ed\u30b0\u306b\u8ffd\u52a0 \n\nCISA Adds One Known Exploited Vulnerability to Catalog  #CISA (Apr 30)\n\nCVE-2026-41940  WebPros cPanel &amp; WHM\u304a\u3088\u3073WP2\uff08WordPress Squared\uff09\u306b\u304a\u3051\u308b\u91cd\u8981\u6a5f\u80fd\u306e\u8a8d\u8a3c\u6b20\u843d\u306e\u8106\u5f31\u6027 \n\nwww.cisa.gov/news-events/...", "creation_timestamp": "2026-05-07T00:59:38.630426Z"}, {"uuid": "ea3aae9c-fc23-4d92-b8db-2b8e3d6ba98b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": 
"cve-2026-41940", "type": "seen", "source": "https://bsky.app/profile/sambowne.infosec.exchange.ap.brid.gy/post/3ml7not5ukzz2", "content": "The Internet Is Falling Down, Falling Down, Falling Down (cPanel and WHM Authentication Bypass CVE-2026-41940) https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940/", "creation_timestamp": "2026-05-06T21:33:27.081147Z"}, {"uuid": "06992dcd-3ef8-4841-96b4-caedca28d6ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/83119", "content": "\ud83d\udea8 GitHub \u76d1\u63a7\u6d88\u606f\u63d0\u9192\n\n\ud83d\udea8 \u53d1\u73b0\u5173\u952e\u8bcd\uff1a #CVE-2026\n\n\ud83d\udce6 \u9879\u76ee\u540d\u79f0\uff1a CVE-2026-41940\n\ud83d\udc64 \u9879\u76ee\u4f5c\u8005\uff1a murrez\n\ud83d\udee0 \u5f00\u53d1\u8bed\u8a00\uff1a Python\n\u2b50 Star\u6570\u91cf\uff1a 0  |  \ud83c\udf74 Fork\u6570\u91cf\uff1a 0\n\ud83d\udcc5 \u66f4\u65b0\u65f6\u95f4\uff1a 2026-05-06 21:59:57\n\n\ud83d\udcdd \u9879\u76ee\u63cf\u8ff0\uff1a\nPoC for CVE-2026-41940: WHM/cPanel authentication bypass chain (Python 2.7). For authorized security research and testing only.\n\n\ud83d\udd17 \u70b9\u51fb\u8bbf\u95ee\u9879\u76ee\u5730\u5740", "creation_timestamp": "2026-05-06T22:00:04.000000Z"}, {"uuid": "fc400e68-2c5e-4b67-87d8-d14522649d2a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/ebibibibibibi.bsky.social/post/3mlaqqgc5ab2l", "content": "https://www.ebisuda.net/tech/2026/05/04/microsoft-defenderdigicertit-microsoft-defender-wrongly-flags-digicert-certs-as/\n3. 
Serious cPanel authentication bypass vulnerability (CVE-2026-41940) under large-scale exploitation: 'Sorry' ransomware...", "creation_timestamp": "2026-05-07T08:00:34.837439Z"}, {"uuid": "39380abc-b9d2-40da-8d9e-4dba7a61aea7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/infosecbot.bsky.social/post/3mlavezowcf2s", "content": "Good write-up by Unfold on detecting CVE-2026-41940, the #cPanel & WHM auth bypass analyzed by watchTowr\n\nWhat I like about it: they don\u2019t stop at detecting the PoC\n\nThey look at the exploit flow and focus on the parts that are\u2026\n\n\u2014 from @cyb3rops (https://x.com/cyb3rops/status/2052315078901264881)", "creation_timestamp": "2026-05-07T09:23:41.706166Z"}, {"uuid": "640c5537-9c33-444a-928f-8e59c4d11d51", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "exploited", "source": "The Shadowserver (honeypot/exploited-vulnerabilities) - (2026-05-06)", "content": "", "creation_timestamp": "2026-05-06T00:00:00.000000Z"}, {"uuid": "20bc52b1-3fda-451f-ad37-4d182422a7d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/newstecnicas.info.ve/post/3mlbytnffic22", "content": "\ud83d\udfe2 How to fix the CVE-2026-41940 #vulnerability in cPanel/WHM: urgent security patch for root access www.newstecnicas.com/2026/05/solu...", "creation_timestamp": "2026-05-07T19:58:16.934744Z"}, {"uuid": "c2e07268-6dd9-4e0e-a89f-19242377c5d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", 
"author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "The Shadowserver (honeypot/common-vulnerabilities) - (2026-05-06)", "content": "", "creation_timestamp": "2026-05-06T00:00:00.000000Z"}, {"uuid": "fb66d9a1-ed06-4f08-92f0-2c782e0ae762", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/cerberusit.bsky.social/post/3mlb4j5ozkn2s", "content": "CVE-2026-41940 has graciously turned 40,000 web hosting environments into a playground for ransomware and botnet enthusiasts everywhere. Administrative root-level control is now being distributed to anyone with malicious intent, proving once again that web hosting is just a serie...\n\nRead full story", "creation_timestamp": "2026-05-07T11:31:15.645969Z"}, {"uuid": "d93bbe04-2ca7-439e-9e8c-212c05aaa77e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-41940", "type": "seen", "source": "https://bsky.app/profile/getpokemon7.bsky.social/post/3mlc5glff5c2k", "content": "\u91cd\u8981\u306acPanel\u304a\u3088\u3073WHM\u30d0\u30b0\u304c\u30bc\u30ed\u30c7\u30a4\u3068\u3057\u3066\u60aa\u7528\u3055\u308c\u3001PoC\u304c\u5229\u7528\u53ef\u80fd\u306b\u306a\u308a\u307e\u3057\u305f\n\ncPanel\u3001WHM\u3001WP Squared \u306b\u304a\u3051\u308b\u91cd\u5927\u306a CVE-2026-41940 \u8a8d\u8a3c\u30d0\u30a4\u30d1\u30b9\u8106\u5f31\u6027\u306f\u3001\u5b9f\u969b\u306b\u7a4d\u6975\u7684\u306b\u60aa\u7528\u3055\u308c\u3066\u304a\u308a\u30012\u6708\u4e0b\u65ec\u4ee5\u964d\u3001\u8a66\u307f\u306e\u4e2d\u3067\u6d3b\u7528\u3055\u308c\u3066\u3044\u307e\u3059\u3002\n\n\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u304c\u3044\u3064\u958b\u59cb\u3055\u308c\u305f\u304b\u306f\u4e0d\u660e\u3067\u3059\u304c\u3001cPanel 
\u3092\u4f7f\u7528\u3059\u308b\u30db\u30b9\u30c6\u30a3\u30f3\u30b0\u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\u3067\u3042\u308b KnownHost \u306f\u3001\u8106\u5f31\u6027\u304c\u516c\u958b\u3055\u308c\u305f\u65e5\u306b\u300c\u5b9f\u969b\u306b\u6210\u529f\u3057\u305f\u30a8\u30af\u30b9\u30d7\u30ed\u30a4\u30c8\u304c\u5b9f\u969b\u306b\u898b\u3089\u308c\u305f\u300d\u3068\u8ff0\u3079\u3001\u4fee\u6b63\u304c\u5229\u7528\u53ef\u80fd\u306b\u306a\u308b\u524d\u3067\u3042\u308b\u3068\u8ff0\u3079\u307e\u3057\u305f\u3002", "creation_timestamp": "2026-05-07T21:20:28.268156Z"}]}