cPanel Zero-Day: 44K Servers Hacked, Millions of Websites Ransomed for 2 Months
A critical cPanel vulnerability (CVE-2026-41940) was exploited as a zero-day for 64 days, compromising over 44,000 servers and millions of websites. The Sorry ransomware gang mass-deployed encryption attacks while state actors used the same backdoor for espionage against Southeast Asian governments. With a CVSS score of 9.8, this authentication bypass flaw affected 1.5+ million internet-facing cPanel servers globally.
🕐 TIMESTAMPS:
0:00 The Secret Backdoor Revealed
0:22 CVE-2026-41940 Explained
0:34 How the Exploit Works
0:56 Sorry Ransomware Attacks
1:14 State Actor Espionage Campaign
1:20 CISA Emergency Response
1:32 What Developers Need to Know
1:44 The Bigger Infrastructure Attack Pattern
This web hosting security breach demonstrates how attackers are increasingly targeting trusted infrastructure rather than individual applications. The two-step exploit used CRLF injection and malformed cookies to bypass cPanel's authentication entirely, giving attackers full admin access without passwords or 2FA. If you use shared hosting, manage websites, or deploy applications to cPanel servers, this vulnerability directly impacts your security posture.
The patch (cPanel 11.126.0.6+) has been available since April 28, but millions of servers remain vulnerable due to delayed updates. Check your hosting provider's patch status immediately and audit access logs for suspicious activity since February 23.
Sources:
- BleepingComputer: https://www.bleepingcomputer.com/news/security/critrical-cpanel-flaw-mass-exploited-in-sorry-ransomware-attacks/
- The Hacker News: https://thehackernews.com/2026/05/critical-cpanel-vulnerability.html
- Help Net Security: https://www.helpnetsecurity.com/2026/04/30/cpanel-zero-day-vulnerability-cve-2026-41940-exploited/
- Rapid7: https://www.rapid7.com/blog/post/etr-cve-2026-41940-cpanel-whm-authentication-bypass/
- Picus Security: https://www.picussecurity.com/resource/blog/cve-2026-41940-explained-cpanel-whm-authentication-bypass-hit-1-5m-servers
- CyberScoop: https://cyberscoop.com/cpanel-authentication-bypass-vulnerability-cve-2026-41940-exploited/
Video "cPanel Zero-Day: 44K Servers Hacked, Millions of Websites Ransomed for 2 Months" from the channel Code and Kush
Video information
May 10, 2026, 23:04:15
00:03:27