cPanel Exploited: Over 40,000 Systems Compromised Globally

Cyber News - Erez Dasa reports that a critical vulnerability in cPanel is being widely exploited, with over 40,000 systems compromised worldwide. Attackers are leveraging this flaw for both defacement and ransomware operations. This widespread compromise highlights the immediate risk to organizations relying on cPanel for server management.

While ShadowServer data indicated around 110 internet-accessible cPanel instances in Israel, this number has significantly dropped to 12, suggesting many administrators have taken action to block external access to their interfaces. However, the global scale of this exploitation means many more systems outside of Israel remain vulnerable and exposed.

What This Means For You

  • If your organization uses cPanel, immediately verify that all instances are patched to the latest version. Audit access logs for any unauthorized activity and consider restricting direct internet access to the cPanel interface, enforcing access via VPN or bastion hosts.
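
An added example, not part of the original report: a shell function that reads `ss -Htln` output and lists cPanel, WHM and Webmail listeners bound to non-loopback addresses, as a first check before moving access behind a VPN or bastion host. It assumes the default cPanel service ports (2082/2083, 2086/2087, 2095/2096); the sample listener table is constructed.

```shell
#!/usr/bin/env bash
# Added example: flag cPanel service listeners reachable beyond loopback.
# Assumed default ports: cPanel 2082/2083, WHM 2086/2087, Webmail 2095/2096.
CPANEL_PORTS="2082 2083 2086 2087 2095 2096"

# Reads `ss -Htln` output on stdin and prints "port address" for every
# cPanel-port listener that is not bound to a loopback address.
exposed_cpanel_listeners() {
  awk -v ports="$CPANEL_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 == "LISTEN" {
      local_addr = $4
      # Port is the text after the last colon; address is the text before it.
      port = local_addr; sub(/^.*:/, "", port)
      addr = local_addr; sub(/:[^:]*$/, "", addr)
      gsub(/^\[|\]$/, "", addr)   # strip IPv6 brackets: [::] becomes ::
      sub(/%.*$/, "", addr)       # strip interface scope such as %lo
      if (!(port in want)) next
      if (addr ~ /^127\./ || addr == "::1") next   # loopback only
      print port, addr
    }' | LC_ALL=C sort -u
}

# Constructed sample of `ss -Htln` output (not taken from a real host).
sample_ss_output() {
  cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:2087 0.0.0.0:*
LISTEN 0 128 0.0.0.0:2083 0.0.0.0:*
LISTEN 0 128 [::]:2083 [::]:*
LISTEN 0 128 [::1]:2086 [::]:*
LISTEN 0 128 203.0.113.10:2096 0.0.0.0:*
EOF
}

# Demo on the sample; on a live server run: ss -Htln | exposed_cpanel_listeners
sample_ss_output | exposed_cpanel_listeners
```

A wildcard or public bind only shows that the service is listening; whether it is reachable from the internet still depends on host and upstream firewall rules.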

๐Ÿ›ก๏ธ Detection Rules

3 rules ยท 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free โ€” export to any SIEM format via the Intel Bot.

critical T1190 Initial Access

cPanel Exploit - Suspicious URI Pattern

Source: Shimi's Cyber World · License & reuse
