cPanel's Black Week: Three Critical Vulnerabilities Patched After Ransomware Hits 44,000 Servers

cPanel, one of the most widely used web hosting control panels globally, has patched three newly discovered vulnerabilities following what security observers are calling its "Black Week"—a ransomware campaign that compromised approximately 44,000 servers. The scale of the incident has sent shockwaves through the hosting industry, where cPanel's software powers millions of websites and serves as a critical piece of infrastructure for managed hosting providers worldwide.

The vulnerabilities, which were disclosed and patched in rapid succession, reportedly allowed attackers to gain unauthorized access to servers before deploying ransomware. While full technical details remain under investigation, the incident underscores the systemic risk posed by centralized control panel software. Hosting providers and system administrators who delayed patching found themselves exposed to exploitation, with the attack campaign demonstrating how quickly threat actors can weaponize newly discovered flaws in widely deployed infrastructure software.

The fallout from cPanel's Black Week raises urgent questions about patch management practices, vulnerability disclosure timelines, and the security posture of hosting infrastructure that millions of businesses rely on. For the hosting industry, the incident serves as a stark reminder that control panels—often treated as background utilities—represent high-value targets for cybercriminals. Security researchers are urging administrators to immediately apply all available patches, audit access logs for signs of compromise, and review backup and recovery procedures. The incident also highlights the broader tension between rapid software deployment and the need for rigorous security testing in products that serve as gateways to critical digital infrastructure.