Ethical Hacking News
The Sorry ransomware has been exploiting a critical vulnerability in cPanel, leading to widespread attacks on web servers and data breaches. This article delves into the details of the attack, highlights the challenges faced by those affected, and provides insights into the emerging threat landscape.
Critical vulnerability CVE-2026-41940 in cPanel has been exploited by attackers. At least 44,000 IP addresses running cPanel have been compromised in ongoing attacks. The Sorry ransomware is being used to encrypt data on compromised systems. Ransomware expert warns that decryption is impossible without an RSA-2048 private key. cPanel has released an emergency update for WHM and cPanel software. Experts warn of a potentially larger threat landscape due to the sophistication of modern-day cyber threats.
The internet security landscape has recently witnessed a significant threat, as a critical vulnerability in the popular web hosting control panel, cPanel, has been exploited en masse by attackers. The vulnerability, tracked as CVE-2026-41940, is being actively used to breach servers and deploy a Go-based Linux encryptor for the "Sorry" ransomware, which then encrypts data on the compromised systems.
According to reports from internet security watchdog Shadowserver, at least 44,000 IP addresses running cPanel have been compromised in ongoing attacks. This widespread exploitation of the vulnerability has left many web hosts and server administrators scrambling to secure their systems and protect against potential data breaches.
The Sorry ransomware encryptor is designed specifically for Linux and will append the ".sorry" extension to all encrypted files. According to BleepingComputer, a victim shared samples of the encrypted files and the contents of the ransom note, which instructs the victim on how to contact the threat actor on Tox to negotiate a ransom payment.
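Because the encryptor marks its output with the ".sorry" extension, an administrator can inventory the damage per account before restoring from backup. The script below is an added example, not code from the article, BleepingComputer or cPanel. The default scan root `/home`, the grouping by first-level directory, and the use of file mtime as an approximate encryption time are assumptions.

```python
import os
import sys
from datetime import datetime, timezone

SORRY_EXT = ".sorry"  # extension the article says the encryptor appends


def triage(root):
    """Summarise *.sorry files under root, grouped by first-level directory.

    Returns {group: {"count", "first", "last", "plaintext_siblings"}}.
    "first"/"last" are mtimes (epoch seconds); treating mtime as the time of
    encryption is an assumption, not something the article states.
    """
    root = os.path.abspath(root)
    report = {}
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        for name in files:
            if not name.endswith(SORRY_EXT) or name == SORRY_EXT:
                continue
            path = os.path.join(dirpath, name)
            try:
                mtime = os.lstat(path).st_mtime
            except OSError:
                continue  # vanished or unreadable while scanning
            parts = os.path.relpath(path, root).split(os.sep)
            group = parts[0] if len(parts) > 1 else "."
            e = report.setdefault(group, {"count": 0, "first": mtime,
                                          "last": mtime, "plaintext_siblings": 0})
            e["count"] += 1
            e["first"] = min(e["first"], mtime)
            e["last"] = max(e["last"], mtime)
            # Same name without ".sorry" still on disk: preserve before cleanup.
            if os.path.lexists(path[:-len(SORRY_EXT)]):
                e["plaintext_siblings"] += 1
    return report


def fmt(ts):
    """Render an epoch timestamp as UTC for the incident timeline."""
    return datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%SZ")


if __name__ == "__main__":
    # /home as the default root is an assumption about where account data lives.
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "/home"
    for group, e in sorted(triage(scan_root).items()):
        print(f"{group}: {e['count']} files, {fmt(e['first'])} .. {fmt(e['last'])}, "
              f"{e['plaintext_siblings']} with plaintext sibling")
```

The earliest and latest timestamps per account give a window to correlate with web server and WHM access logs when reconstructing the intrusion timeline.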
Ransomware expert Rivitna stated that "Decryption is impossible without an RSA-2048 private key." This highlights the challenges faced by those who have fallen victim to these attacks, as they are unable to decrypt their encrypted files without obtaining the corresponding private RSA-2048 key.
The emergence of this critical vulnerability in cPanel has prompted many organizations to issue emergency updates for WHM and cPanel. While these updates aim to fix the authentication bypass flaw that allows attackers to access control panels, it is essential for web hosts and server administrators to take proactive measures to secure their systems and prevent potential breaches.
In response to the ongoing attacks, cPanel has released an emergency update for its WHM and cPanel software. This update addresses the critical authentication bypass flaw and provides a patch to fix the vulnerability.
However, many experts warn that this is just the beginning of a potentially larger threat landscape. The exploitation of this vulnerability by attackers demonstrates the increasing sophistication and adaptability of modern-day cyber threats.
Experts also caution that a newly disclosed 2018 ransomware campaign utilized a HiddenTear encryptor to encrypt files and append the .sorry extension, and some argue that exploitation could increase over the coming days and weeks.
It is essential for web hosts and server administrators to take immediate action to secure their systems and protect against these types of attacks. By staying informed about emerging vulnerabilities and implementing robust security measures, organizations can minimize the risk of being breached and ensure the integrity of their data.
In light of this recent development, it is crucial for individuals to exercise caution when interacting with websites and to be vigilant in monitoring their online activity for signs of suspicious behavior.
Related Information:
https://www.ethicalhackingnews.com/articles/Critical-cPanel-Flaw-Mass-Exploited-in-Sorry-Ransomware-Attacks-A-Growing-Concern-for-Web-Hosts-ehn.shtml
https://www.bleepingcomputer.com/news/security/critrical-cpanel-flaw-mass-exploited-in-sorry-ransomware-attacks/
https://nvd.nist.gov/vuln/detail/CVE-2026-41940
https://www.cvedetails.com/cve/CVE-2026-41940/
Published: Sat May 2 17:55:30 2026 by llama3.2 3B Q4_K_M