Skip to main content
TechnologyMay 7, 2026· 1 min read

The Sorry Ransomware Doesn't Apologize for Victimizing Others Thanks to a cPanel Vulnerability

cPanel

cPanel is well-known software for anyone who has ever managed a server, as it is often provided by hosting and cloud operators for simplified management of services and websites. A new vulnerability in cPanel and WHM, known as CVE-2026-41940, is now being exploited on a large scale to attack servers with cPanel installed and encrypt their contents using the ransomware "Sorry".

The Sorry Ransomware Exploits a Vulnerability in cPanel

The ransomware known as "Sorry" was written for Linux, the operating system on which cPanel and WHM run, and is named because it adds the extension ".sorry" to the files it encrypts. It uses the ChaCha20 cipher and then protects its key using RSA-2048; the only way to decrypt the data is to obtain the private key, which the criminals promise to send upon substantial payment.

The ransomware is employed due to the vulnerability in cPanel and WHM that allows attackers to bypass authentication systems and thus access servers, as reported by Bleeping Computer.

An emergency update for cPanel and WHM has already been released, which fixes the vulnerability and protects against the associated risks. All users of both software are urged to install the latest updates to protect themselves from the ongoing attacks, which have already victimized over 40,000 people worldwide.

The Huawei Watch Fit 5 Series Arrives in Italy: Specifications and Prices in Our CountryThis 48,000 Pa vacuum cleaner costs just over €90 on Amazon: it's a super offer with a coupon included