Hackers are actively exploiting a bug in cPanel and WHM (techcrunch.com) 40 points by dotmanish 2mo ago ↗ HN
[–] dspillett 2mo ago ↗ With this (CVE-2026-41940) and copy.fail (CVE-2026-3143), it must be an exciting time in the shared hosting business right now… Glad I've been out of it for a long time.
[–] sikozu 2mo ago ↗ There must be so many (small) shared hosting companies that don't update their software, those poor customers.
[–] ChrisArchitect 2mo ago ↗ A full breakdown of the vulnerability: https://labs.watchtowr.com/the-internet-is-falling-down-fall... [–] sikozu 2mo ago ↗ Thanks for sharing, this is a great read!
[–] aitchnyu 2mo ago ↗ Which are the safest control panels^ ? Been thinking about Hostineer which developed and dogfooded ApisCP over 20 years.[^] a product made for commercial operators stuffing thousands of PHP sites into a server, so no Coolify, Google Cloud Run.
[–] jmclnx 2mo ago ↗ Luckily my site uses Plesk after moving away from cPanel years ago.I have to wonder if this issue is due to never reviewing auto-test scripts ?I know where I worked, testing is now an afterthought and half the time testing means no issues compiling and deploying :)We had a separate testing group and they caught lots of issues. But due to Agile, they were all fired years ago.
6 comments
[ 2.9 ms ] story [ 19.7 ms ] thread[^] a product made for commercial operators stuffing thousands of PHP sites into a server, so no Coolify, Google Cloud Run.
I have to wonder if this issue is due to never reviewing auto-test scripts ?
I know where I worked, testing is now an afterthought and half the time testing means no issues compiling and deploying :)
We had a separate testing group and they caught lots of issues. But due to Agile, they were all fired years ago.