Critical cPanel Vulnerability Exploited in Southeast Asia Cyber Attacks

Critical cPanel Vulnerability Exploited in Southeast Asia Cyber Attacks

First seen 4 May 2026, 20:32 UTC CybersecuritynewsSecurityaffairs.Coctrlaltintel.com 79% similarity 78.0

Article Content

Browse articles
ThreatCluster

A sophisticated cyber campaign has exploited a critical cPanel vulnerability (CVE-2026-41940) to breach government and military servers in Southeast Asia, particularly targeting Indonesia. The attackers utilized a custom zero-day exploit chain to access sensitive information, exfiltrating over 4GB of documents related to Chinese railway projects. The vulnerability was published on April 29, 2026, and was actively exploited as of April 30, 2026. In addition to Indonesian targets, the campaign has also affected managed service providers (MSPs) in countries including the Philippines, Laos, Canada, and the U.S. The attack highlights the urgent need for organizations to patch this critical vulnerability to prevent further exploitation. Current assessments indicate that the threat remains active and evolving.

Key Points: • CVE-2026-41940 is a critical cPanel vulnerability with a CVSS score of 9.8. • Over 4GB of sensitive documents were exfiltrated from targeted servers. • The attack impacts government and military organizations across Southeast Asia and beyond.

ThreatCluster AI

Timeline

2026-04-29
CVE-2026-41940 published
2026-04-30
CVE-2026-41940 added to CISA KEV for active exploitation
2026-04-30
First public PoC for CVE-2026-41940 released
2026-05-02
Cybersecuritynews reports on breaches using CVE-2026-41940
2026-05-04
Securityaffairs.Co reports on broader attack scope

Community

Browse all →