TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

Security Affairs

Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940

Pierluigi Paganini · 2 days ago · Read original ↗

ATT&CK techniques detected

4 predictions
T1190Exploit Public-Facing Application
96%
“hackers target governments and msps via critical cpanel flaw cve - 2026 - 41940 attackers exploit a critical cpanel flaw to target government and msp networks across southeast asia and several countries, including the u. s. and canada. a threat actor is exploiting critical cpanel…”
T1190Exploit Public-Facing Application
94%
“server that provided direct visibility into one such operation. ” reads the report published by ctrl - alt - intel. “ from this infrastructure, we observed an unknown threat actor interactively targeting government and military entities in south - east asia, alongside a smaller s…”
T1190Exploit Public-Facing Application
92%
“. cybersecurity experts at watchtowr first disclosed the flaw last week and released a tool to help defenders identify vulnerable hosts in their estates. “ as we stated above, in - the - wild exploitation has already begun, according to knownhost. ” reads the advisory by watchtow…”
T1059.001PowerShell
60%
“escalating it to remote code execution via postgresql. the attack enabled command execution and file access, with results exfiltrated through the app. an adaptixc2 malware payload was also identified, indicating active command - and - control operations. analysis of exposed paylo…”

Summary

Attackers exploit a critical cPanel flaw to target government and MSP networks across Southeast Asia and several countries, including the U.S. and Canada. A threat actor is exploiting critical cPanel vulnerability CVE-2026-41940 to target government and military organizations in Southeast Asia, along with MSPs and hosting providers in countries like the Philippines, Laos, Canada, South […]