ATLAS · LIVE
ATLAS INDEX
Δ 24H
ACTIVE SOURCES20
HOTSPOTS20
TIME21:10:25 UTC
← All briefs
CRITICALCyber IntelligenceSunday, May 3, 2026

cPanel Vulnerability Exploited in Mass Ransomware Campaign

A newly disclosed critical flaw in cPanel is being actively exploited to breach websites and deploy 'Sorry' ransomware across multiple targets.

A critical vulnerability in cPanel, tracked as CVE-2026-41940, is under active mass exploitation by threat actors deploying ransomware identified as 'Sorry.' The flaw allows attackers to breach websites hosted on affected cPanel installations and encrypt data.

The vulnerability's severity and the scale of exploitation suggest attackers are targeting web hosting environments where cPanel is widely deployed. cPanel is used by millions of websites globally, making the attack surface substantial. The 'Sorry' ransomware campaign appears coordinated, with multiple breaches reported in a compressed timeframe.

The disclosure timing indicates the flaw may have been exploited as a zero-day before public acknowledgment. Organizations running cPanel infrastructure face immediate risk if patches have not been applied. The ransomware's naming convention — 'Sorry' — follows recent trends of threat actors using ironic or apologetic branding.

The rest of this brief is inside the platform

Continue reading. Free.

A free Atlas account unlocks the full briefing, the co-analyst, daily delivery to your inbox, and a sector-personalised feed.

Open free accountSign in
Full brief
Implications, sources, methodology
Co-Analyst
Ask follow-ups on every brief
Sector feed
Briefs filtered to what matters to you
For continuous monitoring
See subscription tiers — from $49/mo →
Implications
  • 01Web hosting providers face immediate breach risk if cPanel instances remain unpatched.
  • 02Website owners on shared hosting may experience data loss or service disruption.
  • 03Security teams must audit cPanel deployments and monitor for ransomware indicators.
  • 04Delayed patch availability extends exposure window for mass exploitation.
Source
BleepingComputer
https://www.bleepingcomputer.com/news/security/critrical-cpanel-flaw-mass-exploited-in-sorry-ransomware-attacks/
Brief is editorial commentary by Atlas Intelligence based on the cited public reporting. Atlas does not reproduce source text. Verify primary source before action.
#cpanel#ransomware#cve-2026-41940#web hosting#zero-day#mass exploitation
Related Briefs
HIGHCyber1d ago

Multi-Year Phishing Campaign Compromises Over 500 Organizations

A sustained phishing operation has breached more than 500 entities across aviation, energy, logistics, and critical infrastructure over several years.

Source · SecurityWeekRead →
HIGHCyber2d ago

JDownloader site compromised to distribute Python RAT malware

Popular download manager's official website served malicious Windows and Linux installers this week, deploying remote access trojan to unsuspecting users.

Source · BleepingComputerRead →
CRITICALCyber3d ago

Linux zero-day grants root access across major distributions

Dirty Frag exploit enables local privilege escalation with a single command, affecting most enterprise Linux deployments currently in production.

Source · BleepingComputerRead →