🚨 BREAKING: cPanel and WHM, the control panels behind an estimated 70 million websites, have a critical security flaw that lets anyone become root admin without a password. CVE-2026-41940 affects every supported version. It’s already being exploited in the wild. watchTowr Labs published the full attack today, after the hosting company KnownHost confirmed the bug was already being used to break into a significant chunk of the internet. If you've never heard of cPanel: it's the dashboard that hosting providers and millions of website owners use to manage their servers, domains, email accounts, databases, and SSL certificates. WHM is the admin version that controls the entire server. If someone gets root access to WHM, they get the keys to the kingdom and to every apartment inside it. How the attack works, in plain English: 🔴 Step 1: The attacker sends a deliberately wrong login. cPanel still creates a temporary "you tried to log in" record on disk and gives the attacker a cookie tied to it. 🔴 Step 2: The attacker tweaks the cookie to disable cPanel's password encryption. Normally cPanel encrypts the password field on disk. With one small change to the cookie, cPanel just stores it as plain text instead. 🔴 Step 3: The attacker sends a fake login attempt where the password field secretly contains hidden line breaks. cPanel does not strip these line breaks out, so they get written straight to the session file. Each line break creates a brand new fake record. The attacker uses this to inject lines that say "this user is root" and "this user already authenticated successfully." 🔴 Step 4: The attacker visits one more random page on the site to nudge cPanel into re-reading the file. cPanel then promotes the injected fake lines into its main session memory. 🔴 Step 5: On the next request, cPanel sees a flag that says "this user already passed the password check." cPanel trusts that flag, skips checking the actual password, and lets the attacker in as root. From start to finish, the attack takes a handful of HTTP requests. If you run cPanel or WHM, the patched versions are: 🔴 cPanel/WHM 110.0.x → 11.110.0.97 🔴 cPanel/WHM 118.0.x → 11.118.0.63 🔴 cPanel/WHM 126.0.x → 11.126.0.54 🔴 cPanel/WHM 132.0.x → 11.132.0.29 🔴 cPanel/WHM 134.0.x → 11.134.0.20 🔴 cPanel/WHM 136.0.x → 11.136.0.5 If your version is older than these, assume someone has already broken in and act accordingly. Patch right now, then rotate every password and key the server touched: root passwords, API tokens, SSL private keys, SSH keys, mail passwords, and database passwords.

I decided to pick my mother from @BLRAirport as a surprise. Now, she is waiting for me at Airport and I am still on the way to Airport after 2 hours in cab 🥲🤣 #BangaloreDiaries #BangaloreTraffic #SurpriseSpoiled 🥲#NammaBengaluru

#WATCH | Mumbai | Actor Akshay Kumar says, "I want to tell you all a small incident which happened at my house a few months back. My daughter was playing a video game, and there are some video games that you can play with someone. You are playing with an unknown stranger. While you are playing, sometimes a message comes from there...Then a message came, Are you male or female? So she replied female. And then he sent a message. Can you send me nude pictures of yours? It was my daughter. She switched off the whole thing and she went and told my wife. This is how things begin. This is also a part of cybercrime... I would request the Chief Minister that in our Maharashtra state, every week in the seventh, eighth, ninth and tenth standards, there should be a period called cyber period where children should be explained about it. You all know that this crime is becoming bigger than street crime. It is very important to stop this crime..."

When the game is done, only the champions will be remembered and not the picture of a 🏆

I have decided to donate my match fees from this tournament to support our Armed Forces and the families of the victims who suffered from the Pahalgam terror attack. You always remain in my thoughts 🙏🏽 Jai Hind 🇮🇳

Switzerland at UN: "We ask India to take effective measures to protect the MINORITIES and uphold FoE" *India answers today* ~ "India offers to help Switzerland deal with "RACISM, Systematic Discrimination, & XENOPHOBIA"💀 This is Brutal Diplomacy 🤣🔥

Statement by Official Spokesperson⬇️ 🔗 bit.ly/40Qj6On

Something is very off with @amazonIN delivery these days. It is not as quick as before, products are not delivered on time and mostly delivery dates are not the next day as it used to be. Are you noticing it too? #amazon #amazondelivery

Hey @elonmusk... are you aware that the gov't was NEVER, EVER meant to be run like a Silicon Valley start-up company. Why? In short, its bottom line isn’t profit margins, it’s people. The notion that the gov't should be run like a business is an absurd one, AT BEST.

My name is Prasanna, who previously founded Rippling (worth $10B); I'm going through a divorce. I'm now on the run from the Chennai police hiding outside of Tamil Nadu. This is my story.

Longest duration holding Hercules pillars (male) 💪⏱️ 2 mins 10.75 seconds by @VispyKharadi 🇮🇳

Hi @UIDAI @ceo_uidai is there any such mandatory to use PAN Card with QR code only as accepted PAN card or the old PAN card still valid? One of your #AADHAR centre refused old pan card. Kindly clarify.

It is utterly a shame that with advancement of technology, Indian Judiciary has failed to update itself Section 112 of Indian Evidence Act is Archaic as there were no DNA tests during those times I know so many men now who have proper private DNA test proof that the child is not theirs but still courts are not permitting DNA tests to prove paternity. Paternity Fraud is the most painful kind of cheating a man can be subjected to but still there is zero punishment for the woman. It is funny that in India, a man can be tried criminally if he keeps the Streedhan of his wife but a woman can not be charged criminally if she keeps someone else's child

Children cannot consent. That is why there are laws protecting minors. Those who perpetrated this evil should be in prison for life.

The @POTUS has asked @SpaceX to bring home the 2 astronauts stranded on the @Space_Station as soon as possible. We will do so. Terrible that the Biden administration left them there so long.

🚨🇺🇸 TRUMP: IT’S OFFICIAL POLICY—THERE ARE ONLY TWO GENDERS, MEN AND WOMEN "I’ve made it an official policy of the United States that there are only two genders, male and female. We will have no men participating in women’s sports, and transgender operations, which became the rage, will occur very rarely.” Source: @TrumpWarRoom