Unknown Threat Actor Exploits Critical cPanel Vulnerability to Target High-Value Entities

📌 A previously unknown threat actor has exploited a recently disclosed critical vulnerability in cPanel to target government and military entities in Southeast Asia, as well as managed service providers (MSPs) and hosting providers in the Philippines, Laos, Canada, South Africa, and the U.S. The activity was detected by Ctrl-Alt-Intel on May 2, 2026, though no specific CVE ID or technical details of the vulnerability were provided. The attacks focus on compromising networks through the cPanel flaw, with no additional impacts or payloads described in the available content. The campaign appears geographically concentrated but includes a diverse set of high-value targets.