## Unidentified Threat Actor Exploits cPanel Flaw to Breach Government Networks Across Southeast Asia Security researchers at Ctrl-Alt-Intel have identified an active campaign exploiting a recently patched vulnerability in cPanel, the widely deployed web hosting control panel. The operation, detected on May 2, 2026, primarily targets government and military infrastructure across Southeast Asian nations. A secondary cluster of attacks has been documented against managed service providers and hosting companies operating in the Philippines, Laos, Canada, South Africa, and the United States. The threat actor behind the campaign remains unidentified. Ctrl-Alt-Intel's investigation reveals a focus on Southeast Asian government entities, suggesting strategic interest in regional diplomatic, defense, or intelligence-related networks. The smaller MSP cluster appears to function as a pathway—compromising these providers could grant the actor downstream access to their client bases, potentially including additional government or corporate targets. The specific cPanel vulnerability being exploited was disclosed and patched prior to the campaign's detection, indicating the targets either failed to apply the update or were already compromised before remediation. The campaign raises concerns about supply-chain risk in managed IT services. MSPs and hosting providers maintain privileged access to thousands of customer environments, making them high-value targets for actors seeking scalable intrusion opportunities. Security teams managing cPanel instances are urged to verify their installations run the latest patched version and audit access logs for indicators of compromise associated with this actor. The geographic spread of MSP targets—spanning Southeast Asia, North America, and Africa—signals a campaign designed for broad, opportunistic access rather than narrow espionage against a single entity. --- - **Source**: The Hacker News - **Sector**: The Lab - **Tags**: cPanel, vulnerability, threat actor, Southeast Asia, government - **Credibility**: unverified - **Published**: 2026-05-08 04:16:19 - **ID**: 80441 - **URL**: https://whisperx.ai/en/intel/80441