> TritonInfoSec News
Home / May 02, 2026 / Story
0
#2 BleepingComputer general April 30, 2026 at 11:40 UTC

Critical cPanel and WHM bug exploited as a zero-day, PoC now available

By Bill Toulas

AI Summary

CVE-2026-41940, a critical authentication bypass vulnerability in cPanel and WHM, has been actively exploited as a zero-day since late February 2026. CISA has ordered federal agencies to patch by Sunday, as successful exploitation grants attackers complete control over cPanel host systems, configurations, databases, and managed websites.

Read full article → https://www.bleepingcomputer.com/news/security/cri…

Relevance score: 92.0/100

# More from May 02

  1. 1
    Nearly every Linux system built since 2017 vulnerable to ‘Copy Fail’ flaw The Record
  2. 3
    76% of All Crypto Stolen in 2026 Is Now in North Korea Dark Reading
  3. 4
    30,000 Facebook Accounts Hacked via Google AppSheet Phishing Campaign The Hacker News
  4. 5
    15-year-old detained over French govt agency data breach BleepingComputer
  5. 6
    Cyber incident responders who carried out ransomware attacks given 4-year sentences The Record
  6. 7
    Cybercrime Groups Using Vishing and SSO Abuse in Rapid SaaS Extortion Attacks The Hacker News
  7. 8
    China-Linked Hackers Target Asian Governments, NATO State, Journalists, and Activists The Hacker News
  8. 9
    Poisoned Ruby Gems and Go Modules Exploit CI Pipelines for Credential Theft The Hacker News
  9. 10
    New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials The Hacker News