WHM
Coverage of WHM in the Nexus archive.
- Hackers are still exploiting the cPanel bug to gain control of thousands of websites
Hackers are exploiting a critical vulnerability in cPanel and WHM to gain control of thousands of websites, despite the bug being disclosed days ago. The vulnerability is still being targeted by hackers, who are hacking websites. This ongoing issue affects popular web hosting software.
- The Internet Is Falling Down- CPanel/WHM Authentication Bypass CVE-2026-41940
A critical authentication bypass vulnerability, CVE-2026-41940, has been discovered in CPanel/WHM, allowing attackers to bypass login screens and gain unauthorized access. The flaw, reported by Watchtowr Labs, has sparked widespread concern about server security.
- Critical cPanel and WHM bug exploited as a zero-day, PoC now available
A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, WHM, and WP Squared is being actively exploited in the wild as a zero-day attack, with proof-of-concept (PoC) code now available. The flaw has been leveraged since late February, highlighting urgent security risks for users of these platforms.
- Bug of the year (so far): Nasty cPanel vulnerability probably exploited as a 0-day
A critical vulnerability in cPanel and WHM allows attackers to bypass authentication and gain root server access, with emergency patches now available. The flaw, likely exploited as a 0-day, affects millions of domains managed through the platform.