THEY ARE GOING TO BAN VPNs
🚨 The cPanel Situation Is Spiraling Fast
On April 29, CVE-2026-41940 was disclosed: a critical pre-authentication bypass in cPanel/WHM that lets remote attackers skip the login flow entirely and gain elevated access. Within 24 hours, it was already being weaponized. Censys watched the fallout in real time.
The 6-day timeline (cPanel hosts flagged malicious):
Apr 26: 117
Apr 27: 47
Apr 28: 106
Apr 29: 70
Apr 30: 146
May 1: 15,448
On May 1 alone, total malicious hosts jumped by +19,131, and 15,302 of those (roughly 80%) were cPanel/WHM systems. Compare that to the prior days where cPanel made up well under 1.2% of daily changes. This was not background noise. It was a coordinated spike.
Top affected providers:
DigitalOcean: 1,043
Contabo: 716
OVH: 501
Vultr: 391
Oracle: 321
Unified Layer: 280
Hetzner: 277
Akamai/Linode: 275
GoDaddy: 209
Microsoft: 169
With 1,052,657 cPanel/WHM hosts exposed on the public internet and only 9,595 currently flagged as malicious, the attack surface is enormous and growing. At least two campaigns are running in parallel: a Mirai botnet variant (nuclear.x86) deployed post-compromise, and a ransomware campaign tied to the Sorry/Hidden-Tear family.
Ransomware footprint:
~7,000 cPanel servers with ".sorry" encrypted files
6,465 hosts: index.html.sorry
1,637 hosts: index.php.sorry
795 hosts: wp-config.php.sorry
Victims directed to attackers via qTox
If you run cPanel/WHM, patch immediately.
Source: https://t.co/49i8p33EER
This is not a theory.
It has already happened. In Utah.
Step 1: an age-verification law against pornographic sites.
Step 2: the law fails. Users get around it with VPNs.
Step 3: a new law. Restrictions on VPN use. Not limited to minors or to porn.
This is exactly the pattern I was describing this morning.
→ “Give us your data for your safety”
→ The solution does not work
→ Users find a workaround
→ They legislate against the workaround
Virkkunen said on April 29 that making the app “non-circumventable” was “an important part of the next steps”.
Utah has just shown us what that means in practice.
The “age verification app” the EU wants to impose on the world got hacked in 2 minutes.
Step 1: Present a “privacy-respecting” but hackable solution.
Step 2: Get hacked (you are here).
Step 3: Remove privacy to "fix" it.
Result: a surveillance tool sold as “privacy-respecting”.
‼️🇪🇺 The EU's new Age Verification app was hacked with little to no effort.
When you set it up, the app asks you to create a PIN. But that PIN isn't actually tied to the identity data it's supposed to protect. An attacker can delete a couple of entries from a file on the phone, restart the app, pick a new PIN, and the app happily hands over the original user's verified identity credentials as if nothing happened.
It gets worse. The app's "too many attempts" lockout is just a counter in a text file. Reset it to 0 and keep guessing. The biometric check (face/fingerprint) is a simple on/off switch in the same file. Flip it to off and the app skips it entirely.
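A defensive sketch of the file-tampering problem described in the post above, added here as an example and not taken from the app or the original post: the PIN verifier, attempt counter and biometric flag are sealed with a MAC, and any edit or deletion makes the check fail closed. `DEVICE_KEY`, `MAX_ATTEMPTS` and all function names are assumptions made for this illustration.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: DEVICE_KEY stands in for a hardware-keystore key never written to the app's files (constructed).
DEVICE_KEY = bytes(range(32))
MAX_ATTEMPTS = 5  # hypothetical lockout threshold


def _tag(body: str) -> str:
    return hmac.new(DEVICE_KEY, body.encode(), hashlib.sha256).hexdigest()


def _pin_hash(pin: str, salt_hex: str) -> str:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), bytes.fromhex(salt_hex), 100_000).hex()


def seal_state(state: dict) -> str:
    """Serialize the security state with a MAC so edits to the file are detectable."""
    body = json.dumps(state, sort_keys=True)
    return json.dumps({"body": body, "tag": _tag(body)})


def enroll(pin: str) -> str:
    salt = secrets.token_hex(16)
    return seal_state({"pin_salt": salt, "pin_hash": _pin_hash(pin, salt),
                       "failed_attempts": 0, "biometric_required": True})


def open_state(blob: str) -> dict:
    """Return the state, or raise ValueError if the file was edited."""
    record = json.loads(blob)
    if not hmac.compare_digest(_tag(record["body"]), record["tag"]):
        raise ValueError("state file failed integrity check")
    return json.loads(record["body"])


def may_release_credential(blob: str, pin: str, biometric_ok: bool) -> bool:
    """Fail closed: tampering, lockout, or a missing factor all block release."""
    try:
        state = open_state(blob)
    except (ValueError, KeyError, TypeError, AttributeError):
        return False
    if state["failed_attempts"] >= MAX_ATTEMPTS:
        return False
    if state["biometric_required"] and not biometric_ok:
        return False
    return hmac.compare_digest(_pin_hash(pin, state["pin_salt"]), state["pin_hash"])
```

A MAC alone does not stop someone restoring an older sealed copy of the file, so the attempt counter also needs rollback protection such as a hardware-backed monotonic counter.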
Next, Next, SYSTEM: Exploiting NSIS installer bugs to escalate privileges in Zscaler Client Connector
In this blog post I show how patch gaps in Zscaler's bundled NSIS versions led to LPE.
Includes PoCs and a YARA rule to help you find other affected s/w
https://t.co/cFiDsPFDES
Relayed NTLM creds are powerful, if you can use them.
@senderend shows why browsers fail through ntlmrelayx SOCKS and introduces ghostsurf to make NTLM-authenticated web apps accessible.
Read more ⤵️ https://t.co/BdtzoKquD1
Serious confirmation: the Ministry of the Interior was indeed hacked.
This ministry wants:
- scanning of messaging services (#ChatControl)
- identification + proof of age on social networks
"No reason to fear leaks of sensitive personal information"...
🔥Introducing a new Red Team tool - SessionHop: https://t.co/oU2R60ayPD
SessionHop utilizes the IHxHelpPaneServer COM object to hijack specified user sessions. This session hijacking technique is an alternative to remote process injection or dumping LSASS. Kudos to @tiraniddo for first discovering this years ago.
Blue Team tip: Look for unusual child processes spawning from HelpPane.exe
My very first blog post is live: https://t.co/tQgJZpuDos
During research, I've run into and documented a simple universal SQLite Injection RCE trick. Enjoy!
N-day Analysis about Synology Beestation RCE (CVE-2024-50629~50631) by legendary DEVCORE 🎃 🍊
Thanks to @u1f383 @orange_8361 for original finding and allowing to post, and to @the_emmons for the invaluable references 🔥
Enjoy the Demo!
PoC: https://t.co/rM1CEfhkjr
Cloudflare has recently started blocking proxy tools like Burp Suite by identifying their unique TLS and request fingerprints.
If you encounter this issue, install the “Bypass Bot Detection” extension from the BApp Store. This extension spoofs Burp’s TLS fingerprint, making it appear like normal browser traffic and bypass it.
Credential Guard was supposed to end credential dumping. It didn't.
@bytewreck just dropped a new blog post detailing techniques for extracting credentials on fully patched Windows 11 & Server 2025 with modern protections enabled.
Read for more ⤵️ https://t.co/mYPHg1mTKj
I've been researching the Microsoft cloud for almost 7 years now. A few months ago that research resulted in the most impactful vulnerability I will probably ever find: a token validation flaw allowing me to get Global Admin in any Entra ID tenant. Blog: https://t.co/jD6EaGtsn3
New attack vector: FileFix.
A phishing trick that executes PowerShell straight from your browser: no Run dialog, no pop-ups.
Just a fake file path + clipboard + File Explorer.
Red teamers, this one’s wild.
📽️ PoC + write-up: https://t.co/65BgBrTPvq
No one is likely surprised by this, but it does feed into the narrative of humanity actually dumbing down instead of becoming more intelligent.
I have no empirical evidence at hand to support my gut feeling, but ever since the internet in general, I feel like we are dumber.