Over 40,000 Servers Compromised in Ongoing cPanel Exploitation

Monday, May 4, 2026 at 08:25 AM UTC·Source: SecurityWeek

Updated: Monday, May 4, 2026 at 09:00 AM UTC

Executive Summary

The attacks likely target CVE-2026-41940, a recently patched zero-day leading to administrative access. The post Over 40,000 Servers Compromised in Ongoing cPanel Exploitation appeared first on SecurityWeek .

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2026-41940

NVD MITRE CVE

Source Attribution

Originally published by SecurityWeek on May 4, 2026.

Related Threats

CRITICALZero Day

CISA gives feds four days to patch Ivanti flaw exploited as zero-day

CISA has given U.S. federal agencies four days to secure their networks against a high-severity vulnerability in Ivanti Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. [...]

1d agoBleepingComputer

CRITICALZero Day

New Linux 'Dirty Frag' zero-day gives root on all major distros

A new Linux zero-day vulnerability, named Dirty Frag, allows local attackers to gain root privileges on most major Linux distributions with a single command. [...]

1d agoBleepingComputer

CRITICALZero Day

Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks

CVE-2026-6973 is a high-severity vulnerability that allows an attacker who has admin privileges to execute arbitrary code. The post Ivanti Patches EPMM Zero-Day Exploited in Targeted Attacks appeared first on SecurityWeek .

CVE-2026-6973

1d agoSecurityWeek