Bleeping Computer
Critrical cPanel flaw mass-exploited in "Sorry" ransomware attacks
ATT&CK techniques detected
T1486Data Encrypted for Impact
100%
“##ing the cpanel flaw since thursday to breach servers and deploy a go - based linux encryptor for the " sorry " ransomware [ virustotal ]. there have been numerous reports of websites impacted by the attacks, including on the bleepingcomputer forums, where a victim shared sample…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1486Data Encrypted for Impact
99%
“##vitna posted to our forums. in each folder, a ransom note named readme. md is created, instructing the victim to contact the threat actor on tox to negotiate a ransom payment. the ransom note is the same for each victim of this ransomware campaign, including the tox id " 3d7889…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1190Exploit Public-Facing Application
95%
“critrical cpanel flaw mass - exploited in " sorry " ransomware attacks a new disclosed cpanel flaw tracked as cve - 2026 - 41940 is being mass - exploited to breach websites and encrypt data in " sorry " ransomware attacks. this week, an emergency update for whm and cpanel was re…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
A new disclosed cPanel flaw tracked as CVE-2026-41940 is being mass-exploited to breach websites and encrypt data in "Sorry" ransomware attacks. [...]