Critical cPanel and WHM bug exploited as a zero-day, PoC now available

SITREP: A critical authentication bypass vulnerability (CVE-2026-41940) in cPanel, WHM, and WP Squared is currently being exploited as a zero-day. Proof of Concept (PoC) for the vulnerability is now publicly available, indicating an escalation in threat activity since late February. TACTICAL ASSESSMENT: The exploitation of this vulnerability poses significant risks to web hosting environments, potentially allowing unauthorized access to sensitive data. This incident highlights the ongoing challenges in cybersecurity, particularly in the realm of widely used software platforms. PROJECTED VECTORS: Future attacks may increase as more malicious actors gain access to the PoC and develop tailored exploits.