Hackers exploiting cPanel vulnerability to access government and military servers and steal sensitive data

A sophisticated cyber espionage campaign targeted South-East Asian government and military systems by exploiting a critical cPanel authentication bypass vulnerability (CVE-2026-41940). The flaw, triggered via CRLF injection, allowed attackers to gain root-level access without valid credentials.


The attackers also compromised an Indonesian defense portal using CAPTCHA bypass and SQL injection, escalating access to OS-level control via PostgreSQL abuse. They deployed custom C2 infrastructure, reverse shells, and persistence tools like OpenVPN and Ligolo for long-term access.

Through these techniques, over 4GB of sensitive data—including Chinese railway and financial documents containing personal and banking information—was exfiltrated. Security researchers link the operation to coordinated regional intelligence gathering, with related scanning detected across 44,000 IPs globally.