When hosting providers took cPanel offline on April 28, the working assumption was that the vulnerability had been discovered shortly before the advisory. That assumption was wrong. KnownHost CEO Daniel Pearson has confirmed that his company observed exploitation attempts as early as February 23, 2026, roughly 64 days before any public advisory, patch, or CVE existed. … Continue reading The cPanel Zero-Day Was Active for 64 Days Before Anyone Knew