Exploit Cyber-Frenzy Threatens Millions via cPanel Vulnerability

A critical authentication bypass vulnerability in cPanel, WHM, and WP Squared (CVE-2026-41940, CVSS 9.8) is under heavy exploitation within 24 hours of public disclosure. Multiple proof-of-concept exploits appeared immediately after disclosure, including one from WatchTowr Labs. Evidence suggests zero-day exploitation had been ongoing for at least 30 days prior. Censys scans found ~15,000 potentially compromised instances within the first day, with attacks deploying Mirai botnet variants and a '.sorry' ransomware. The flaw affects ~1.5 million exposed instances powering ~70 million domains. Security experts recommend immediate patching, credential rotation, session purging, and blocking TCP ports 2083, 2087, 2095, and 2096 as a temporary mitigation if patching is not immediately possible.