cyberpanel en kötü panellerden. cwp de rezalet.

🚨 CyberPanel v2.4.8 (build 8) yayınlandı. Ücretsiz hosting panel olan CyberPanel'de yenilikler; – Komut Paleti – Dark mod arayüz değişikliği – Web site silme gibi fonksiyonları geri eklendi – 4 kritik güvenlik açığı patchlendi (AI Scanner, Git deployment webhook, Backup)

Attackers turned CyberPanel's SnappyMail webmail logs into a persistent root-level backdoor that survived every WordPress cleanup. 14-second compromise chain exploited three critical misconfigurations to achieve cross-service malware injection. Technical breakdown: • Malware: Double-encoded redirect payload in wp-config.php targeting frontend visitors only, excluding admin/AJAX/REST API requests • Attack vector: Default SnappyMail credentials → changed log filename from .txt to .php → injected PHP webshell via login form "username" field • Persistence: Log file at `/usr/local/CyberCP/public/snappymail/data/_data_/_default_/logs/shell.php` executable via LiteSpeed on port 8090 • Privilege escalation: lscpd user has `NOPASSWD: ALL` sudo access, enabling root-level wp-config.php modification every 2-6 hours • Evasion: Backdoor exists outside WordPress webroot, invisible to WP security plugins scanning only `/public_html/` Key artifacts: • SnappyMail logs capture complete attack timeline with PHP injection timestamps • Webshell accessible at `https://IP:8090/snappymail/data/_data_/_default_/logs/shell.php?c=COMMAND` • Typosquat domain: `async[.]gsyndication[.]com` (mimics Google's googlesyndication[.]com) Hunt for CyberPanel installations with unrestricted port 8090 access and verify SnappyMail log filenames don't use .php extensions. Wordfence CLI detected both backdoors with signature `Obfuscated:PHP/superglobal.func.B.10513`. #DFIR_Radar

Allah razı olsun @CyberPanel

CyberPanel v2.4.7 sürümü yayınlandı. - Admin şifrelerinin loglara düz metin düşmesi engellenmiş - File manager / backup manager güvenlik açıkları kapatılmış - Dashboard arayüzü modernleştirilmiş cyberpanel.net/KnowledgeBase…

Awal bulan kemarin abis beli server baremetal 50 juta di @dalangcloud. Sempet takut mau pindahin semua infra Web Ekspor. Berkat bantuan claude code, dalam 20 hari bisa jadi begini. Banyak VM aktif: 1. CyberPanel (hosting 5000 site untuk customer) 2. Bedrock host untuk klien yang butuh nginx murni 3. Mail server multi-tenant pakai Roundcube 4. 1 Tailscale DERP relay self-hosted di Indonesia (latency Mac saya ke server: 38ms → 300µs) 5. Ops dashboard custom yang refresh tiap 30 detik.

Record: CVE-2026-41940 Konumuz cPanel/WHM AuthBypass açığı. Oluşturulan bir python kodu, milyonlarca web sitesini yöneten cPanel'de kimlik doğrulamayı atlayıp sunucuyu ele geçirebiliyor. Saldırgan özel hazırlanmış bir istek göndererek, login sürecini atlatıyor doğrudan panel erişimi alıyor. Ben yakın zamanlarda basit bir sunucu için CyberPanel kullandım arka kapımı (backdoor yanlış anlaşılmasın) zorladılar içeriye hediye bıraktılar.

CyberPanel install tip: if you can click "Next," you can basically become a server wizard. No spells, just a smarter VPS in minutes! Learn more: peramix.com/blog/our-blog-1/…

@CyberPanel buenas. Igual soy un poco estafadores no? Hace meses cancele unos addson de un servidor. Os pedí la cancelación y seguís cobrando. Agradecería la devolución de lo cobrado. Gracias

Lo mejor, para mi es lo mejor incluso que el mismo cpanel o cualquier otro gratuito como cyberpanel, fastpanel ect

Who has a nulled Directadmin or cPanel/WHM. I have been using HestiaCP and Cyberpanel for some projects, but I found them ziko na so many bugs. I saw a new one called OLSpanel, but yet to try

deployed CyberPanel Email contract address is 0xb90a9Fa3648e0f6E4E75FB159404839B4623dbA3 view token: bankr.bot/launches/0xb90a9Fa…

Cyberpanel推出的免费邮箱服务 cyberpanel.net/email-deliver… · 每月最大15000封邮件，每天最多500封 · SMTP和API支持 · 3个域名 3个API 10个邮箱 · 每个邮箱10G空间 · Webmail, IMAP和POP3

Recap of recent updates to Spaceship🚀 🔹 Alf, our AI agent, can start from anywhere on the website, stay with you as you navigate, and update you on the go. It can also help resolve complex DNS issues directly from the chat. 🔹 The chat bubble display was refined so it no longer overlaps with functional buttons. 🔹 SellerHub checkout links can now be generated via API, not just in the Manager. 🔹 Spacemail updates: simplified signature management, redesigned formatting toolbar, quick gestures and bulk actions on mobile, plus more options to Calendar. 🔹 CyberPanel can now be installed on any Virtual Machine running Ubuntu 24.04. 🔹 In addition to pay-as-you-go, Hyperlift also supports a prepaid billing model. 🔹 All Spaceship products are now trial-first, so you can test everything before getting a paid plan. 🔹 Thunderbolt now supports group calls in the Web version. Public networks continue evolving as a space for shared communication. More on this? Our release notes are here: spaceship.com/blog/category/… And the updates keep coming💙

نمونه پنل های رایگانی که می‌تونید استفاده کنید: HestiaCP CyberPanel aaPanel ISPConfig Virtualmin Webmin Froxlor VestaCP Sentora CloudPanel OpenPanel Ajenti Kloxo BlueOnyx EHCP

Management options: Pure CLI (SSH) → max control (my personal favorite) Web panels: Webmin, CyberPanel, aaPanel (free & beginner-friendly) Docker Portainer for apps Pro moves: regular backups, monitor with htop/Netdata, auto security updates, never run as root.

【脅威インテリジェンス】CISA KEVカタログの「ランサムウェア使用」フラグ、2025年に59件がサイレント更新されていた GreyNoiseは2026年2月2日、CISAのKnown Exploited Vulnerabilities（KEV）カタログにおいて、2025年中に59件の脆弱性が告知なしに「ランサムウェア使用確認」ステータスへ変更されていたことを明らかにした。この「サイレントフリップ」は組織のリスク評価に重大な影響を与えるにもかかわらず、アラートや発表なしにJSONファイルのフィールド変更のみで行われていた。 2023年10月に追加されたknownRansomwareCampaignUseフィールドは、優先順位付けを支援するために設計された。しかしCISAは新規追加時だけでなく、既存エントリも静かに更新している。「Unknown」から「Known」へのフリップは、ランサムウェア事業者がその脆弱性をキャンペーンで使用している証拠をCISAが確認したことを意味する。 分析結果によると、59件中最多ベンダーはMicrosoft（27%、16件）でSharePoint、Print Spooler、Mark-of-the-Webバイパス等が含まれる。エッジ/ネットワーク機器脆弱性が34%を占め、Fortinet SSL-VPN、Ivanti Connect Secure、Palo Alto GlobalProtect、Check Point Security Gatewayなど境界防御機器が標的となっている。レガシー脆弱性（2023年以前）は39%で、Adobe Readerの2008年や2012年のOracleバグも含まれる。最速でのランサムウェアフリップは1日、最長は1,353日であった。認証バイパスが最多脆弱性タイプ（14%）で、攻撃者が「侵入即実行」の攻撃チェーンを優先していることを示す。 直近の2026年1月28日にもCVE-2024-49039（Windows Task Scheduler特権昇格）、CVE-2024-51567（CyberPanel）、CVE-2024-9680（Firefox Use-After-Free）、CVE-2024-30088（Windowsカーネル）の4件がフリップした。GreyNoiseはこの問題に対処するため、ランサムウェアフラグ変更を1時間ごとに監視し通知するRSSフィード（kev.labs.greynoise.io/kev-ra…）を公開した。 greynoise.io/blog/unmasking-…

Sunucu yönetimine dair aradığınız her şey burada! 💻 PenDC olarak, karmaşık konfigürasyon süreçlerinde kaybolmamanız için yanınızdayız. Sistem yönetiminden optimizasyona kadar her adımda rehberlik ediyoruz. Blog’da Sizi Neler Bekliyor? 🔹 OS & Sanallaştırma: Ubuntu, CentOS, FreeBSD, ESXi 🔹 Kontrol Panelleri: Plesk, cPanel, CyberPanel, DirectAdmin 🔹 Servisler: Docker, MySQL, WordPress ve SEO Blogumuzu ziyaret etmeyi unutmayın. 👉 PenDC Blog blog.pendc.com/ #DataCenter #SysAdmin #Linux #Plesk #ServerManagement #TechBlog

以下の4脆弱性がランサムウェアに悪用されたことが確認された。米国サイバーセキュリティ・社会基盤安全保障庁(CISA)の既知の悪用された脆弱性カタログが更新。 - Windowsの権限昇格CVE-2024-49039, CVE-2024-30088 - CyberPanelの無認証root権限RCE CVE-2024-51567 - FirefoxのRCE CVE-2024-9680