webhostingnz.com
May 1, 2026
•[ API token compromise, authentication bypass, unauthorized access ]
A fullaccess API token was added to a cPanel account for webhostingnz.com server rosie.whsl206.com, giving an attacker control of the account for several hours. The client area and server login were unavailable for ~6hours, and the provider did not shut down the server. The incident is linked to the cPanel authentication bypass vulnerability (CVE202641940).
