// #cpanel-whm

1 article

'Sorry' Ransomware Deploys en Masse via cPanel CVE-2026-41940 — 44,000 Hosts Compromised Within 48 Hours of Patch

A ransomware group tracking as 'Sorry' has leveraged the recently-patched cPanel/WHM authentication bypass (CVE-2026-41940) to compromise at least 44,000 web hosting servers globally, deploying a Go-compiled Linux encryptor within 48 hours of the vulnerability's public patch release. The speed of mass exploitation underscores the extreme urgency of applying the cPanel/WHM hotfix.

May 2, 2026 #ransomware +5

Commentary tagged #cpanel-whm

Opinion

The Patch-to-Exploit Window Has Collapsed — cPanel in 48 Hours Is Not an Anomaly, It's the New Baseline

The 'Sorry' ransomware group compromised 44,000 cPanel servers within 48 hours of a critical patch release. The industry still plans patch cycles in weeks. These two realities are incompatible, and the gap between them is where organisations keep getting destroyed.

CipherWatch Editorial

Security Intelligence Platform

May 2, 2026