St
1.7K posts


cPanel & WHM v136 improves security, automation, and server management:
✅ Built-in firewall (no external tools)
✅ Short-lived SSL with auto renewal
✅ Unified SSL/TLS interface
✅ Server-wide PHP error logging
👉 Full release notes: docs.cpanel.net/release-notes/…


EasyApache 4 v25.55 is now available:
• ea-libxml2 → 2.15.3
• ea-nghttp2 → 1.69.0
• ea-nginx → 1.30.0 (related packages built against it)
Full change log → docs.cpanel.net/changelogs/eas…
#EasyApache #cPanelUpdates

St retweeted

@cPanel ZERO-day for cPanel Oakley Capital and WebPros. You are fucked and serves you right after the 2000% price hikes from 2019 onwards. You have lost all trust, left right and dataCenter. [CVE-2026-41940]
St retweeted

🚨 BREAKING: cPanel and WHM, the control panels behind an estimated 70+ million websites, have a critical security flaw that lets anyone become root admin without a password. CVE-2026-41940 affects every supported version. It’s already being exploited in the wild.
watchTowr Labs published the full attack today, after the hosting company KnownHost confirmed the bug was already being used to break into a significant chunk of the internet.
If you've never heard of cPanel: it's the dashboard that hosting providers and millions of website owners use to manage their servers, domains, email accounts, databases, and SSL certificates. WHM is the admin version that controls the entire server. If someone gets root access to WHM, they get the keys to the kingdom and to every apartment inside it.
How the attack works, in plain English:
🔴 Step 1: The attacker sends a deliberately wrong login. cPanel still creates a temporary "you tried to log in" record on disk and gives the attacker a cookie tied to it.
🔴 Step 2: The attacker tweaks the cookie to disable cPanel's password encryption. Normally cPanel encrypts the password field on disk. With one small change to the cookie, cPanel just stores it as plain text instead.
🔴 Step 3: The attacker sends a fake login attempt where the password field secretly contains hidden line breaks. cPanel does not strip these line breaks out, so they get written straight to the session file. Each line break creates a brand new fake record. The attacker uses this to inject lines that say "this user is root" and "this user already authenticated successfully."
🔴 Step 4: The attacker visits one more random page on the site to nudge cPanel into re-reading the file. cPanel then promotes the injected fake lines into its main session memory.
🔴 Step 5: On the next request, cPanel sees a flag that says "this user already passed the password check." cPanel trusts that flag, skips checking the actual password, and lets the attacker in as root.
From start to finish, the attack takes a handful of HTTP requests.
If you run cPanel or WHM, the patched versions are:
🔴 cPanel/WHM 110.0.x → 11.110.0.97
🔴 cPanel/WHM 118.0.x → 11.118.0.63
🔴 cPanel/WHM 126.0.x → 11.126.0.54
🔴 cPanel/WHM 132.0.x → 11.132.0.29
🔴 cPanel/WHM 134.0.x → 11.134.0.20
🔴 cPanel/WHM 136.0.x → 11.136.0.5
If your version is older than these, assume someone has already broken in and act accordingly. Patch right now, then rotate every password and key the server touched: root passwords, API tokens, SSL private keys, SSH keys, mail passwords, and database passwords.
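
The line-break injection in Steps 3 to 5 of the post above, reduced to a toy line-oriented session file. This is an added example, not part of the original post and not cPanel's code; the file format and the field names `user`, `auth_ok` and `pass` are assumptions made for illustration. It shows a verbatim writer beside one that rejects line breaks, plus a duplicate-key check for auditing session files.

```python
# Constructed toy session store: one "key=value" record per line.
# Field names (user, auth_ok, pass) are hypothetical, not cPanel's real ones.
from collections import Counter

def write_session_naive(fields):
    """Writes values verbatim: a newline inside a value starts a new record."""
    return "".join(f"{k}={v}\n" for k, v in fields.items())

def write_session_safe(fields):
    """Refuses any key or value that would break one-record-per-line framing."""
    for k, v in fields.items():
        if any(c in k for c in "\r\n=") or any(c in v for c in "\r\n\x00"):
            raise ValueError(f"illegal character in session field {k!r}")
    return write_session_naive(fields)

def _records(text):
    # Yields (key, value) for every line that contains a "=" separator.
    for line in text.split("\n"):
        key, sep, value = line.partition("=")
        if sep:
            yield key, value.rstrip("\r")

def read_session(text):
    """Line-oriented reader in which the last occurrence of a key wins."""
    return dict(_records(text))

def duplicate_keys(text):
    """Detection aid: keys written more than once in a single session file."""
    counts = Counter(k for k, _ in _records(text))
    return sorted(k for k, n in counts.items() if n > 1)

# Constructed input: a failed login whose password field carries line breaks.
FAILED_LOGIN = {"user": "", "auth_ok": "0", "pass": "wrong\nuser=root\nauth_ok=1"}

if __name__ == "__main__":
    on_disk = write_session_naive(FAILED_LOGIN)
    print(read_session(on_disk))      # injected records override the real ones
    print(duplicate_keys(on_disk))    # the same file flagged by the audit check
    try:
        write_session_safe(FAILED_LOGIN)
    except ValueError as exc:
        print("rejected:", exc)
```
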


St retweeted

🚨 cPanel 0-Day Vulnerability Actively Exploited in the Wild — PoC Released
Source: cybersecuritynews.com/cpanel-0-day-a…
A critical authentication bypass vulnerability in cPanel & WHM has been confirmed to be actively exploited in the wild, sending shockwaves through the global web hosting industry.
The flaw, tracked as CVE-2026-41940, allows unauthenticated attackers to bypass login mechanisms entirely, potentially granting root-level access to affected hosting control panels. A public proof-of-concept (PoC) exploit has since been released, raising the urgency for immediate patching.
The vulnerability resides in the authentication layer of cPanel & WHM software, including DNSOnly deployments.
#cybersecuritynews #Cpanel

St retweeted

The President of the United States is threatening to commit war crimes and wipe out a "whole civilization" — all because he started a disastrous war of his own making and had no plan and no strategy for how to end it.
This is abhorrent, and the American people do not support this.
Trump's recklessness is needlessly putting our brave service members in harm's way, destroying America's global standing, and making life even more unaffordable for the American people.
We must all stand against this and oppose funding this illegal war of choice.
St retweeted

The #kriptodavergiyehayır tag entered Turkey's trending list very quickly yesterday and settled at the top.
Because not a single sentence in the draft is in line with the wishes/demands/expectations of crypto investors.
Nothing in the draft makes sense, including the 3 per thousand transaction tax. A transaction tax is an odd proposition in itself. A transaction tax on crypto transfers is an even odder proposition.
Evidently the reasoning was modeled on EFT fees.
However, crypto transfers are made on the blockchain network. That is, the fees for those transactions are already paid on the relevant networks.
I hope investors are listened to and work begins on something better. As a country, we deserve better.