{"id":146,"date":"2026-05-06T19:08:56","date_gmt":"2026-05-06T09:08:56","guid":{"rendered":"https:\/\/moderntokyotimes.com\/?p=146"},"modified":"2026-05-06T19:08:56","modified_gmt":"2026-05-06T09:08:56","slug":"hackers-exploit-cpanel-and-whm-software-cve-2026-41940","status":"publish","type":"post","link":"https:\/\/moderntokyotimes.com\/?p=146","title":{"rendered":"Hackers Exploit cPanel and WHM Software (CVE-2026-41940)"},"content":{"rendered":"\n

Hackers Exploit cPanel and WHM Software<\/strong> (CVE-2026-41940) <\/strong><\/p>\n\n\n\n

Kanako Mita, Sawako Utsumi, and Lee Jay Walker<\/strong><\/p>\n\n\n\n

Modern Tokyo Times<\/strong><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

A major cybersecurity breach linked to cPanel and Web Host Manager (WHM)<\/strong> escalated rapidly last week, after hackers exploited a critical vulnerability that allowed administrative takeover of affected systems.<\/p>\n\n\n\n

The flaw \u2014 identified as CVE-2026-4190 \u2014 prompted an urgent warning from the Cybersecurity and Infrastructure Security Agency (CISA)<\/strong>, which called for the immediate patching of government servers and other critical infrastructure. Officials warned that the vulnerability posed a severe risk due to the level of access it granted attackers.<\/p>\n\n\n\n

Investigations suggest the breach may have begun earlier this year, before intensifying sharply following public disclosure. At least 40,000 servers are believed to have been fully compromised, with attackers gaining root-level administrative control. Such access effectively allowed threat actors to seize configurations, databases, and all websites managed through the impacted platforms.<\/p>\n\n\n\n

Security Week<\/em> reported, \u201cCVE-2026-41940 was likely exploited as a zero-day since late February, with activity spiking after the public disclosure and after the threat intelligence firm WatchTowr published technical details.\u201d<\/strong><\/em><\/p>\n\n\n\n

The architecture of the affected software significantly amplified the impact. As Bleeping Computer<\/em> noted, \u201cWHM and cPanel are Linux-based web hosting control panels for server and website management. While WHM provides server-level control, cPanel provides administrator access to the website backend, webmail, and databases.\u201d<\/em><\/strong><\/p>\n\n\n\n

Within days, the scale of the incident widened further, with reports indicating that at least 44,000 IP addresses had been compromised in connection with the breach.<\/p>\n\n\n\n

No single perpetrator has been identified. Instead, multiple threat actors appear to have exploited the vulnerability concurrently. Observed activity includes deployments of the \u201cSorry\u201d <\/strong>ransomware strain, operations linked to the Mirai botnet, and indications of cyber-espionage campaigns targeting parts of Southeast Asia.<\/p>\n\n\n\n

The speed and scope of the compromise \u2014 particularly the rapid acquisition of root-level control across thousands of servers \u2014 caught many in the cybersecurity community off guard. In response, major hosting providers, including\u00a0HostGator\u00a0and\u00a0KnownHost, implemented emergency measures to mitigate the damage.<\/p>\n\n\n\n

Although patches have since been released by cPanel and WHM, the full extent of the breach remains unclear. The incident underscores the systemic risks posed by vulnerabilities in widely used hosting infrastructure \u2014 and the speed at which such weaknesses can be weaponized once exposed.<\/p>\n\n\n\n

MODERN TOKYO TIMES \u2013 MODERN TOKYO NEWS \u2013 please check https:\/\/moderntokyonews.com<\/a><\/strong><\/p>\n\n\n\n

Please check Modern Tokyo News at https:\/\/moderntokyonews.com<\/a> for articles going back over 10 years. Sadly, Modern Tokyo Times got hacked and lost 14 years of articles\u2026<\/strong><\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Modern Tokyo News is part of the Modern Tokyo Times group<\/strong><\/p>\n\n\n\n

http:\/\/moderntokyotimes.com<\/a> Modern Tokyo Times \u2013 International News and Japan News<\/strong><\/p>\n\n\n\n

http:\/\/sawakoart.com<\/a> \u2013 Sawako Utsumi\u2019s website and Modern Tokyo Times artist<\/strong><\/p>\n\n\n\n

https:\/\/moderntokyonews.com<\/a> Modern Tokyo News \u2013 Tokyo News and International News<\/strong><\/p>\n\n\n\n

PLEASE JOIN ON TWITTER<\/strong><\/p>\n\n\n\n

https:\/\/twitter.com\/MTT_News<\/a> Modern Tokyo Times<\/strong><\/p>\n\n\n\n

https:\/\/www.facebook.com\/moderntokyotimes\/<\/a> Facebook<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

Hackers Exploit cPanel and WHM Software (CVE-2026-41940) Kanako Mita, Sawako Utsumi, and Lee Jay Walker Modern Tokyo Times A major cybersecurity breach linked to cPanel and Web Host […]<\/p>\n","protected":false},"author":1,"featured_media":155,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22,4,30],"tags":[232,233,226,227,230,90,38,236,231,89,234,235,228,229],"class_list":["post-146","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-business","category-geopolitics","category-info-and-technology","tag-cpanel-and-whm-compromised","tag-cpanel-and-whm-hacked","tag-cpanel-compromised","tag-cpanel-hacked","tag-cve-2026-41940","tag-japan-news-agency","tag-lee-jay-walker","tag-mirai-botnet","tag-sorry-ransomware","tag-tokyo-news-agency","tag-whm-and-cpanel-hacked","tag-whm-and-cpanel-hit","tag-whm-compromised","tag-whm-hacked"],"_links":{"self":[{"href":"https:\/\/moderntokyotimes.com\/index.php?rest_route=\/wp\/v2\/posts\/146","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/moderntokyotimes.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/moderntokyotimes.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/moderntokyotimes.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/moderntokyotimes.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=146"}],"version-history":[{"count":8,"href":"https:\/\/moderntokyotimes.com\/index.php?rest_route=\/wp\/v2\/posts\/146\/revisions"}],"predecessor-version":[{"id":156,"href":"https:\/\/moderntokyotimes.com\/index.php?rest_route=\/wp\/v2\/posts\/146\/revisions\/156"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/moderntokyotimes.com\/index.php?rest_route=\/wp\/v2\/media\/155"}],"wp:attachment":[{"href":"https:\/\/moderntokyotimes.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=146"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/moderntokyotimes.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=146"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/moderntokyotimes.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=146"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}