A sophisticated hacking campaign hit South-East Asian government and military targets by exploiting CVE-2026-41940, a critical (CVSS 9.8) authentication bypass in cPanel and WHM. Attackers gained root-level access without valid credentials before a patch was released on April 28, 2026. Beyond cPanel, the attackers also compromised an Indonesian defense training portal using a CAPTCHA bypass and SQL injection, escalating to full OS access via PostgreSQL. The operation ended with 110 files (~4.37 GB) stolen from the China Railway Society, including financial records with national ID numbers and bank details. Shadowserver tracked 44,000 IPs actively scanning for vulnerable servers. Patch cPanel immediately.
Source: Cybersecurity News