Hackers are still exploiting the cPanel bug to gain control over thousands of sites

Almost a week after the developers of popular web server software cPanel and WebHost Manager (WHM) warned users of a serious bug in its software, hackers are still targeting thousands of websites that use the vulnerable software.

From Monday there are more than 550,000 potentially vulnerable servers running cPanel, a number that has been stable for days. And it’s available now about 2,000 cPanel cases may have spiked, starting at around 44,000 on Thursday. These statistics are published by Shadowserver, a non-profit organization that monitors and monitors the Internet for cyber crime.

On Thursday, security researchers warned of this Hackers started compromising servers running cPanel and WHMtaking advantage of a bug that allows attackers to control and hijack vulnerable servers through their control panels.

As Bleeping Computer saidThe extent of the damage is evident by the fact that Google are indexed many websites that once displayed a message from a group of hackers claiming to have encrypted the victim’s files in what appears to be a ransomware attack. Some of these pages now open correctly.

The ransom included a social media ID so victims could contact the hackers, who did not immediately respond to TechCrunch’s request for comment.

The US Cybersecurity and Infrastructure Security Agency (CISA) warned on Thursday that the vulnerability – codenamed CVE-2026-41940 – is being exploited in the wild, and he added to its directory of Known Exploited Vulnerabilities (KEV). CISA asked the government agencies to be operational by Sunday. CISA did not immediately respond to a request for comment, asking if it could confirm whether the government agencies installed their servers.

Attacks on servers running cPanel and WHM may have been going on for much longer than the vulnerability was disclosed. According to KnownHost CEO Daniel Pearsonhis company has noticed protests since February 23.

Management at Webpros, the company that makes cPanel and WHM and claims to power 60 million domains, did not respond to a request for comment.