Hackers use fake security advisory to target cPanel users

News
By published

Targeted phishing campaign tried to steal users' cPanel credentials

cPanel
(Image credit: Marco Verch / Flickr)

cPanel users are being targeted in a new phishing scam that uses a fake security advisory to trick them into giving up their credentials.

cPanel provides shared web hosting users with a Linux-based graphical user interface (GUI) and control panel which simplifies website and server management.

Recently cPanel and WebHost Manager (WHM) users reported that a targeted phishing campaign that used the subject line “cPanel Urgent Update Request” in its emails had appeared online. The fake security advisory was well-crafted and used language that made it really look as if it had come from the company itself.

In their advisory, the cybercriminals behind the targeted phishing attack warned that updates had been released to fix security concerns in cPanel and WHM versions 88.0.3+, 86.0.12+ and 78.0.49+.

Fake security advisory

At the bottom of their security advisory, the attackers explained why cPanel had not released an official statement on the security issues the updates addresses, saying:

“The cPanel Security Team identified the resolved security issues. There is no reason to believe that these vulnerabilities have been made known to the public. As such, cPanel will only release limited information about the vulnerabilities at this time. Once sufficient time has passed, allowing cPanel & WHM systems to automatically update to the new versions, cPanel will release additional information about the nature of the security issues.” 

To make their targeted phishing campaign appear more legitimate, the attackers also registered the domain 'cpanel7831.com' and used Amazon's Simple Email Service (SES) to send out the emails to cPanel and WHM users.

If a user fell for the scam and clicked on the “Update your cPanel & WHM installations” button, they were bought to a website that prompted them to login using their cPanel credentials. Thankfully though, the phishing landing page has since been taken down and now redirects to a Google search for the keyword cPanel.

For those who did happen to fall victim to this scam, it is highly recommended that you log in to your web hosting provider and change the password on your account. Users should also perform a complete audit of their sites and look for any odd PHP files which can be used as backdoors.

Via BleepingComputer

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Latest in News
Hisense U8 series TV on wall in living room
Hisense announces 2025 mini-LED TV lineup, with screen sizes up to 100 inches – and a surprising smart TV switch
Nintendo Music teaser art
Nintendo Music expands its library with songs from Kirby and the Forgotten Land and Tetris
An image of Pro-Ject's Flatten it closed and opened
Pro-Ject’s new vinyl flattener will fix any warped LPs you inadvertently buy on Record Store Day
The iPhone 16 Pro on a grey background
iPhone 17 Pro tipped to get 8K video recording – but I want these 3 video features instead
EA Sports F1 25 promotional image featuring drivers Oscar Piastri, Carlos Sainz and Oliver Bearman.
F1 25 has been officially announced, with this year's entry marking a return for Braking Point and a 'significant overhaul' for My Team mode
Garmin clippd integration
Garmin's golf watches just got a big software integration upgrade to help you improve your game
More about security
Data leak

Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection

Third-party security issues could be the biggest threat facing your business
An AI face in profile against a digital background.

The race to trillion-parameter model training in AI is on, and this company thinks it can manage it for less than $100,000
See more latest
Most Popular
An AI face in profile against a digital background.
The race to trillion-parameter model training in AI is on, and this company thinks it can manage it for less than $100,000
Hisense U8 series TV on wall in living room
Hisense announces 2025 mini-LED TV lineup, with screen sizes up to 100 inches – and a surprising smart TV switch
Ninkear MBOX 8 Pro
This mini PC has a detachable docking station that hides a hard drive, and I am not convinced whether it's a good idea
Nintendo Music teaser art
Nintendo Music expands its library with songs from Kirby and the Forgotten Land and Tetris
The iPhone 16 Pro on a grey background
iPhone 17 Pro tipped to get 8K video recording – but I want these 3 video features instead
CoreWeave
Is CoreWeave another WeWork? Blogger who caused Nvidia market capitalization to drop by $600 billion in a day thinks so
Discord Clyde
Discord's game overlay has seen a complete revamp - I've tried it, and it's one of the best updates ever
Swiss flag with view of Geneva city, Switzerland
Secure encryption and online anonymity are now at risk in Switzerland – here's what you need to know
Data leak
Top home hardware firm data leak could see millions of customers affected
An image of Pro-Ject's Flatten it closed and opened
Pro-Ject’s new vinyl flattener will fix any warped LPs you inadvertently buy on Record Store Day