## cPanel & WHM Zero-Day Mass Exploited: 40,000+ Servers at Risk as Microsoft Defender and Linux Flaws Also Under Active Attack
Three critical zero-day vulnerabilities are under active exploitation, with cPanel & WHM emerging as the most severe incident: a zero-day flaw has been mass exploited, potentially compromising more than 40,000 servers worldwide. The scale of the cPanel attack positions this as one of the most significant web hosting infrastructure compromises in recent months, placing hosting providers, data centers, and their downstream customers at immediate risk. cPanel and WHM power a substantial portion of the world's shared hosting environments, meaning the blast radius could extend across thousands of websites and applications depending on the specific access gained by attackers.

The threat landscape intensified further with two additional zero-days confirmed under active attack. A Linux root-access vulnerability has been formally added to CISA's Known Exploited Vulnerabilities (KEV) catalog, confirming in-the-wild exploitation and elevating patching urgency for enterprise Linux environments. Federal agencies and critical infrastructure operators now face binding remediation timelines, while private sector organizations should treat this as a high-priority risk. Separately, Microsoft Defender is confronting a zero-day actively exploited in attacks, adding pressure on security teams already managing a complex patch cycle and raising concerns about endpoint protection bypass.

Security teams should immediately prioritize patching for internet-facing cPanel and WHM installations, audit Linux privilege escalation paths, and apply Microsoft Defender updates. The convergence of three actively exploited zero-days across web hosting infrastructure, operating system kernels, and endpoint protection creates a narrow window for defenders—and a broad attack surface for adversaries looking to chain vulnerabilities for deeper access.

---
- **Source**: Mastodon:hachyderm.io:#infosec
- **Sector**: The Lab
- **Tags**: cPanel, zero-day, CISA KEV, Microsoft Defender, Linux
- **Credibility**: unverified
- **Published**: 2026-05-09 14:32:08
- **ID**: 81154
- **URL**: https://whisperx.ai/en/intel/81154