The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. government agencies three days to secure their servers against an actively exploited vulnerability (CVE-2026-54420) in the LiteSpeed cPanel user-end plugin.
CISA warns of another cPanel plugin flaw exploited in attacks
Summary + source link. No paywalls, no tracking.