CPanel's Black Week: 3 New Vulnerabilities Patched After Attack on 44k Servers

Ages ago I used php-nuke to manage my forum and it got hacked and I thought it would get taken seriously

Seeing these CPanel hacks remind me how old these codebases are and how much more vulnerability remain

CPanel and hosters who use them are in big trouble now; there are millions of servers running them, many of them for decades. Their clients can run code as an user without much sandboxing/guardrails at all.

44,000 servers compromised? Sounds like somebody could've used a software building code

Wow, similar sentiments about this being a throw back. I’d rather roll my own almost everything these days, may not be as good, but certainly won’t be targeted exploited broadly.

So CPanel's security is just as bad as their UI, who would have thought?

People are still using cpanel?

"AI safeguards" are not working I guess.. or maybe they're only working against those who'd like to secure their software.. good job Anthropic + OpenAI!

Friendly reminder that there aren't that many ways for a normie to create their own (sub)domain with TLS and an email in under five minutes. That's cPanel for ya.