1. Massive XMR Mining Operation Discovered on Compromised cPanel Servers; Attacker Exploited Auth Bypass CVE, Staged Credential Harvester Targeting Cloud Infrastructure
Security researchers are tracking an active cryptojacking campaign that has compromised cPanel/WHM servers by exploiting a recent authentication bypass vulnerability. The attacker gained root-level access and established persistence through a backdoor account named "pakchoi" with root group (GID 0) privileges, using it...