cPanel has released security updates for an authentication vulnerability affecting all supported versions of cPanel and WebHost Manager (WHM) that could allow unauthorized control panel access. The issue was disclosed by WebPros and lacks an official CVE identifier. Details regarding affected versions and patches are being managed through vendor communications.

CISA added CVE-2026-41940, a missing authentication vulnerability in WebPros cPanel & WHM and WP2 (WordPress Squared), to its Known Exploited Vulnerabilities Catalog based on active exploitation evidence. The vulnerability is classified as a critical function bypass and represents a frequent attack vector for malicious actors. CISA urges all organizations to prioritize remediation as part of their vulnerability management practices, with federal agencies required to remediate by applicable due dates under BOD 22-01.

GovGuam probes cyberattack HAGATNA, 04 MAY 2026 (PACIFIC ISLAND TIMES)—Guam Governor Lou Leon Guerrero has ordered an investigation into a suspected cyberattack affecting government of Guam websites, a global incident linked to a critical zero-day vulnerability targeting cPanel-hosted websites. “Preliminary information indicates that multiple guam.gov websites may be affected as part of a broader global event impacting systems […] The post GovGuam probes cyberattack appeared first on Island Times News .