All CosmicBytez Labs articles tagged #cPanel, across news, security advisories, how-to guides, and projects.
DragonForce hides C2 inside Microsoft Teams relay traffic; a SearchLeak attack weaponizes M365 Copilot for one-click data exfiltration; iRhythm confirms...
CISA has added CVE-2026-54420, an actively exploited vulnerability in the LiteSpeed cPanel user-end plugin, to its Known Exploited Vulnerabilities catalog...
A high-severity symlink vulnerability in the LiteSpeed cPanel plugin (CVSS 8.5) allows users with FTP or web shell access to escape CloudLinux/CageFS...
A critical CVSS 9.9 argument injection vulnerability in WordPress Toolkit before 6.11.0 allows remote authenticated users to bypass cross-tenant...
CISA's emergency directive gives federal agencies four days to patch the actively exploited LiteSpeed cPanel plugin flaw being weaponized in the wild.
CISA has added a LiteSpeed cPanel plugin zero-day to its Known Exploited Vulnerabilities catalog after active exploitation allowed attackers to execute scripts.
CVSS 9.8 PHP object injection in Mirasvit Full Page Cache Warmer for Magento 2 lets unauthenticated attackers achieve RCE — patch to 1.11.12 now.
A maximum-severity vulnerability in the LiteSpeed User-End cPanel Plugin, tracked as CVE-2026-48172 with a CVSS score of 10.0, is under active...
A critical authentication bypass flaw in cPanel/WHM has triggered a wave of exploit activity, with multiple proof-of-concept exploits now public and...
cPanel has released security updates addressing three vulnerabilities in cPanel and Web Host Manager (WHM), including flaws enabling privilege escalation,...
A newly disclosed critical vulnerability in cPanel and WHM tracked as CVE-2026-41940 is being mass-exploited by ransomware actors to breach web hosting...
The critical CVE-2026-41940 authentication bypass vulnerability in cPanel, WHM, and WP Squared is being actively exploited in the wild and has been...
WebPros cPanel, WHM, and WP2 (WordPress Squared) contain a critical authentication bypass in the login flow, allowing unauthenticated remote attackers to...
cPanel and WebHost Manager have released an emergency patch for a critical authentication bypass vulnerability that allows attackers to gain control panel...