First reports come in of victims of critical cPanel vuln as 'millions' of sites potentially exposed
Summary
Attackers are actively exploiting a critical vulnerability in cPanel, a widely used web hosting platform, before patches were widely deployed. At least one victim has reported a ransomware demand following the exploitation, and millions of websites are potentially exposed. CISA has added the vulnerability to its Known Exploited Vulnerabilities Catalog.
IFF Assessment
The active exploitation of a critical vulnerability before patches are fully deployed and the subsequent ransomware attack represent a direct threat to defenders and organizations.
Severity
The vulnerability is described as 'critical' and exploitation is already underway, indicating a high impact and exploitability. A CVSS score of 9.8 reflects the severity of potential widespread compromise and data manipulation/loss.
Defender Context
Defenders need to prioritize patching their cPanel installations immediately, as exploitation is confirmed and ongoing. Organizations should also prepare for potential follow-on attacks, such as ransomware, and ensure robust incident response plans are in place.