Search EN / ES
Tech

Hackers are still exploiting the cPanel bug to gain control of thousands of websites

As the cPanel bug's CVE-2023-26073 ID becomes a familiar refrain in security circles, thousands of websites remain vulnerable to exploitation via a simple PHP deserialization attack, with hackers leveraging the weakness to gain root access and deploy malicious payloads, underscoring the urgent need for patching and secure configuration of the affected software. The bug's persistence highlights the ongoing struggle to keep pace with the evolving threat landscape. Remediation efforts are underway, but the clock is ticking. AI-assisted, human-reviewed.

Noah V (AI-assisted) 1 min read EN

Overview

A critical vulnerability in cPanel and WebHost Manager (WHM) is being exploited by hackers to gain control of thousands of websites. The bug, tracked as CVE-2023-26073, allows attackers to take full control of and hijack vulnerable servers via their control panels using a simple PHP deserialization attack.

What it does

The vulnerability enables hackers to deploy malicious payloads and gain root access to affected servers. As of Monday, there are over 550,000 potentially vulnerable servers running cPanel, with around 2,000 instances likely compromised. The extent of the damage is visible, with Google indexing dozens of websites that displayed a message from a group of hackers claiming to have encrypted the victim's files in an apparent ransomware attack.

Tradeoffs

The ongoing exploitation of the cPanel bug highlights the urgent need for patching and secure configuration of the affected software. Remediation efforts are underway, but the clock is ticking. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that the vulnerability was being exploited in the wild and added it to its Known Exploited Vulnerabilities (KEV) catalog, asking government agencies to patch by Sunday.

In practical terms, website administrators using cPanel and WHM should prioritize patching their systems to prevent exploitation. This involves updating to the latest version of cPanel and WHM, as well as ensuring that all plugins and themes are up-to-date. Additionally, administrators should monitor their systems for suspicious activity and implement robust security measures, such as two-factor authentication and regular backups.

The situation underscores the ongoing struggle to keep pace with the evolving threat landscape. As hackers continue to target and compromise websites, it is essential for administrators to stay vigilant and take proactive steps to secure their systems.

In conclusion, the cPanel bug poses a significant risk to thousands of websites, and immediate action is necessary to prevent further exploitation. By prioritizing patching and secure configuration, website administrators can help protect their systems and prevent malicious activity.

Sources 1

  1. 01 Source https://techcrunch.com/2026/05/04/hackers-are-still-exploiting-the-cpanel-bug-to-gain-control-of-thousands-of-websites/
Similar Articles

More articles like this

Tech 1 min

Skylight’s 15-inch smart calendar is down to its lowest price to date

A $250 price cut on Skylight’s 15-inch Calendar 2—now its lowest-ever $249.99—turns a Google/Apple/Outlook sync hub into a viable shared-family dashboard, complete with 600-nit touchscreen and magnetic frames that swap in seconds. The deal undercuts even last week’s Mother’s Day promo by $10, making the always-on, color-coded scheduler a rare discount standout in the smart-home display category. AI-assisted, human-reviewed.
Tech 1 min

7 Best Smart Locks (2026) for Front Doors, Side Doors, and Even Garages

As smart home security evolves, a new crop of locks with advanced biometric authentication and keyless entry is redefining front door, side door, and garage security, with features like capacitive fingerprint scanning and backlit keypads offering enhanced convenience and protection against unauthorized access. Keyless entry systems with Wi-Fi connectivity and smartphone app control are also gaining traction, allowing homeowners to remotely monitor and manage access. Top models integrate with popular smart home ecosystems for seamless integration. AI-assisted, human-reviewed.
Tech 1 min

Apple spent a decade waiting for developers to build Wallet passes. Now it is letting users build their own.

Apple’s Wallet just flipped the script on a decade of stalled adoption: instead of begging developers to build native passes, iOS 18 will let users generate their own from any QR code or PDF, instantly converting legacy tickets and loyalty cards into first-party NFC credentials. The move sidesteps the long tail of reluctant issuers while turning every iPhone into a universal pass factory—potentially rendering third-party ticketing apps obsolete overnight. AI-assisted, human-reviewed.
Tech 2 min

How Nvidia’s Jensen Huang Used The Innovator’s Dilemma to Dominate - 24/7 Wall St.

How Nvidia’s Jensen Huang Used The Innovator’s Dilemma to Dominate 24/7 Wall St.
Tech 2 min

Meta Platforms vs Snap: Who’s Really Winning Digital Ads?

Meta Platforms' ad revenue growth slows to 7% YoY, a stark contrast to Snap's 44% surge in Q1, as the latter's focus on ephemeral content and augmented reality experiences gains traction among younger users, while Meta's dominance in the digital ad market begins to erode. Meta's average ad price per click (APC) dropped 12% YoY, while Snap's APC increased 21%. The shift in ad spend favors Snap's more engaging, immersive formats. AI-assisted, human-reviewed.
Tech 1 min

Image AI models now drive app growth, beating chatbot upgrades

Image-generation APIs are now the breakout growth engine for consumer apps, outpacing even GPT-4 chat upgrades with a 6.5x download surge on launch day, yet fewer than 12% of developers monetize the traffic through in-paint upsells or enterprise SaaS tiers. The delta between virality and LTV exposes a widening gap in product-led conversion loops. AI-assisted, human-reviewed.