Author: Łukasz Nowak
73 articles
Nearly two decades in IT. A decade in web hosting - and still in the trenches. Writing about the infrastructure that runs the internet from the inside.
Security
DirtyFrag: Any User Account Can Become Root on Most Linux Servers. The Exploit Is Public. There Is No Patch.
DirtyFrag, a Linux kernel local privilege escalation that gives any local user root access on Ubuntu, RHEL, Fedora, CentOS Stream, AlmaLinux, and openSUSE Tumbleweed, went fully public on May 8 after an embargo break, with no CVE assigned and no patches available for any affected distribution.
Security
CVE-2026-41940 Live: cPanel Authentication Bypass, Active Exploitation, and What Comes Next
CVE-2026-41940, the cPanel authentication bypass exploited for 64 days before disclosure, is still developing. 44,000 servers likely compromised, a public exploit on GitHub, three active campaigns. This page is updated in real time as new information surfaces.
Security
The cPanel Zero-Day Was Active for 64 Days Before Anyone Knew
CVE-2026-41940, the cPanel authentication bypass from April 28, was being exploited since February 23, operated as a zero-day for 64 days, and was added to CISA's Known Exploited Vulnerabilities list with 1.5 million internet-exposed instances counted by Rapid7.
Security
Copy Fail: Any Local User Can Get Root on Nearly Every Linux System Since 2017
Copy Fail (CVE-2026-31431) is a Linux kernel privilege escalation giving any unprivileged local user root access, affecting virtually all distributions since 2017, with shared hosting and multi-tenant environments at highest risk.
Industry reports
Mullenweg Calls WordPress “Mediocre Crap” and Overrules Core Committers on 7.0
Matt Mullenweg called WordPress development "boring or mediocre crap," then overruled core committers to add Akismet to the WordPress 7.0 Connectors screen, weeks before the May 20 release.
M&A
HostPapa Acquires Hostwinds, Adding Seattle and Amsterdam Infrastructure in Its Second Acquisition This Month
HostPapa acquired Hostwinds on April 29, adding self-owned data centers in Seattle and Amsterdam and a developer and reseller customer base to its portfolio, twelve days after acquiring Tailor Made Servers in Dallas.
Security
cPanel Had an Authentication Bypass. Exploits Were Already in the Wild.
cPanel disclosed a critical authentication bypass on April 28 affecting nearly all versions of cPanel and WHM, with active exploits confirmed in the wild before the patch was released, forcing hosting.com, Namecheap, KnownHost, HostPapa, and InMotion Hosting to take cPanel access offline globally.
M&A
Axxess Acquires Absolute Hosting to Grow Its Hosting Revenues in South Africa
South African ISP Axxess acquired Absolute Hosting as part of a deliberate 2026 strategy to grow hosting revenues, with founder Jade Benson remaining managing director and the company continuing to operate independently under its own brand.
Software reviews
Automattic’s New CLI Agent Builds WordPress Sites From a Text Prompt
Automattic launched Studio Code in public beta, a CLI agent built on Anthropic's Claude Sonnet 4.6 that builds, configures, and publishes WordPress sites from natural language commands, running on top of MCP write capabilities launched in March 2026.
Interviews
Copilot Q&A: How Cloudways Built an AI That Diagnoses Infrastructure Issues in Minutes
Ayaz Ahmed Khan of DigitalOcean explains how Cloudways Copilot reduces infrastructure troubleshooting from 30-40 minutes to 5-6 minutes, what the preview period taught the team, and where automated diagnosis still falls short.
Reach hosting professionals
Sponsor webhosting.today and get in front of hosting buyers, founders and engineers.
50k+monthly readers
611articles