cPanel and WebHost Manager (WHM) released an emergency update to fix a critical authentication bypass vulnerability affecting nearly all versions. The flaw could allow attackers to gain unauthorized access to hosting control panels.
cPanel issued an urgent security patch addressing a critical vulnerability in its control panel and WHM dashboard software. The bug affects all versions except the latest release and permits attackers to bypass authentication mechanisms entirely.
The vulnerability allows unauthenticated users to access cPanel and WHM interfaces without valid credentials, potentially granting full control over hosting accounts. This represents a severe risk for web hosting providers and their customers, as attackers could modify configurations, steal data, or deploy malicious content.
What's affected:
Virtually all cPanel and WHM versions prior to the patched release are vulnerable. The company strongly recommends immediate updates for all users running older builds.
Action required:
Administrators should prioritize applying the emergency patch to all affected systems. cPanel has not disclosed extensive technical details about the vulnerability to prevent exploitation before patching is complete. Users unable to update immediately should monitor their systems for suspicious activity.
The timing of this disclosure follows growing scrutiny of cPanel's security practices. As one of the most widely used web hosting control panels globally, vulnerabilities in cPanel impact millions of websites across countless hosting providers.
Hosting companies dependent on cPanel are expected to deploy fixes urgently. Delay risks exposing customer accounts to compromise. The patch is available through standard cPanel update channels.
Security researchers and hosting providers have been urged to verify patch deployment across their infrastructure. Given the critical nature of the flaw and its broad impact, this represents one of the more serious cPanel vulnerabilities in recent years.
A hacker accessed Suno's source code, revealing details about how the AI music platform scraped millions of songs. Suno confirmed a November breach but stated no sensitive personal data was compromised.
Federal prosecutors have unsealed a 2024 indictment charging three Russian nationals and two web hosting services with facilitating cyberattacks and money laundering that victimized cybercrime targets of $62 million.
A hacker accessed Suno's source code using stolen employee credentials, revealing that the AI music generator scraped decades of audio from YouTube to train its model.
Criminals can now clone voices with AI in mere seconds, outpacing traditional authentication defenses that banks and financial institutions rely on to prevent fraud.