Hackers are still exploiting the cPanel bug to gain control of thousands of websites

Thousands of websites remain vulnerable to the cPanel bug tracked as CVE-2023-26073, which can be exploited via a simple PHP deserialization attack. Hackers are leveraging the weakness to gain root access and deploy malicious payloads, underscoring the urgent need for patching and secure configuration of the affected software. The bug's persistence highlights the ongoing struggle to keep pace with the evolving threat landscape. Remediation efforts are underway, but the clock is ticking. AI-assisted, human-reviewed.

Overview

A critical vulnerability in cPanel and WebHost Manager (WHM) is being exploited by hackers to gain control of thousands of websites. The bug, tracked as CVE-2023-26073, allows attackers to hijack vulnerable servers and take full control of them through their control panels using a simple PHP deserialization attack.

What it does

The vulnerability enables hackers to deploy malicious payloads and gain root access to affected servers. As of Monday, there are over 550,000 potentially vulnerable servers running cPanel, with around 2,000 instances likely compromised. The extent of the damage is visible, with Google indexing dozens of websites that displayed a message from a group of hackers claiming to have encrypted the victim's files in an apparent ransomware attack.

Tradeoffs

The ongoing exploitation of the cPanel bug highlights the urgent need for patching and secure configuration of the affected software. Remediation efforts are underway, but the clock is ticking. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that the vulnerability was being exploited in the wild and added it to its Known Exploited Vulnerabilities (KEV) catalog, asking government agencies to patch by Sunday.

In practical terms, website administrators using cPanel and WHM should prioritize patching their systems to prevent exploitation. This involves updating to the latest version of cPanel and WHM, as well as ensuring that all plugins and themes are up-to-date. Additionally, administrators should monitor their systems for suspicious activity and implement robust security measures, such as two-factor authentication and regular backups.

The situation underscores the ongoing struggle to keep pace with the evolving threat landscape. As hackers continue to target and compromise websites, it is essential for administrators to stay vigilant and take proactive steps to secure their systems.

In conclusion, the cPanel bug poses a significant risk to thousands of websites, and immediate action is necessary to prevent further exploitation. By prioritizing patching and secure configuration, website administrators can help protect their systems and prevent malicious activity.
