Hello,

Greetings!!

We would like to inform you that the Master Reseller usm1.noc41.com server live upgrade has been scheduled for May 17th at 4:00 UTC. This upgrade is necessary to enhance the server's performance and resolve the reported multiple accessibility issues. Rest assured, there will be no downtime during this process, as it will be a live migration. Your IPs will remain the same after the migration is complete. 

It will take 48-72 hours for the migration to complete. To ensure a smooth and error-free migration process, we kindly request that you refrain from making any changes to your sites during this time. This includes avoiding upgrades to your CMS or installation of new plugins. To prevent any discrepancy and ensure a smooth migration process, the FTP services on the server will be temporarily restricted during the migration period.

We understand that you may be eager to enhance your website, but making changes during the migration process can lead to complications and potential errors. By waiting until the migration is complete, you can ensure a seamless transition without any disruptions to your site's functionality. We will synchronize all emails once the migration is completed.

Our team is dedicated to providing you with the best possible service, and we appreciate your cooperation in this matter. If you have any questions or concerns, please don't hesitate to reach out to our support team. Thank you for your understanding and patience.

We understand the importance of keeping you informed, and we will provide regular updates on the migration progress through this news thread. If you have any questions or concerns regarding this upgrade, please do not hesitate to contact our technical support team.

Thank you for your continued trust in our services.

Hello,

We would like to inform you that the recent cPanel/WHM security incident (CVE-2026-41940) has caused corruption to the server operating system, resulting in several system modules not functioning properly.

To ensure service stability and security, we will be replacing the OS drive and performing a fresh operating system installation on May 13 at 12:00 PM SGT.

Please note the following:

• Your server IP addresses will remain unchanged after the migration.
• The migration and restoration process is expected to take approximately 48–72 hours to complete.

Our team is fully committed to completing this process as quickly and safely as possible while minimizing disruption to your services.

We understand the importance of keeping you informed, and we will continue to provide regular updates regarding the migration progress through this news thread.

If you have any questions or concerns, please do not hesitate to contact our technical support team.

Thank you for your understanding, patience, and continued trust in our services.

 ========

We are pleased to inform you that the server migration and restoration process has now been completed successfully, and the services are currently accessible.

Please note the following important updates regarding DNS configuration:

• If your domains are using our default nameservers, no DNS changes are required from your end.
• If you are using external DNS providers or services such as Cloudflare, please ensure that your domain A records are pointed to the following IP address:

64.120.114.206

Due to the temporary shortage of IP availability following the migration process, we have currently assigned a single shared IP address for domain resolution on the server. Additional IP addresses will be gradually added and assigned to accounts accordingly.

Once the new IP allocations are completed, we will provide further updates and notify you regarding any required DNS changes for your domains.

We sincerely appreciate your patience, cooperation, and understanding throughout this process.

Thank you,

Skynethosting.net

Hello,

We would like to inform you that the recent cPanel/WHM security incident (CVE-2026-41940) has caused corruption to the server operating system, resulting in several system modules not functioning properly.

To ensure service stability and security, we will be replacing the OS drive and performing a fresh operating system installation on May 13 at 9:00 PM SGT.

Please note the following:

• Your server IP addresses will remain unchanged after the migration.
• The migration and restoration process is expected to take approximately 48–72 hours to complete.

Our team is fully committed to completing this process as quickly and safely as possible while minimizing disruption to your services.

We understand the importance of keeping you informed, and we will continue to provide regular updates regarding the migration progress through this news thread.

If you have any questions or concerns, please do not hesitate to contact our technical support team.

Thank you for your understanding, patience, and continued trust in our services.

Best Regards,

SkyNetHosting.Net

 ===========================

Update:

Hello,

We would like to inform you that the migration and restoration process for the SGVIP4 server has now been completed successfully, and the services are currently accessible and operational.

Please note that the server IP addresses remain unchanged for SGVIP4, therefore no DNS or A record changes are required from your end.

You may access the server services using the following direct URLs:

WHM Access:

https://sgvip4.noc401.com:2087/

cPanel Access:

https://sgvip4.noc401.com:2083/

If you encounter any issues accessing your websites, cPanel accounts, or related services, please reach out to us on ticket with the affected domain name(s) so that we can investigate and assist you further.

Please also note that we are currently handling a significantly high volume of support requests related to the recent incident. As a result, there may be a delay in our response times. We kindly request your patience and recommend replying only to your latest active ticket regarding the same issue to help us avoid duplicate handling and assist all clients more efficiently.

We sincerely appreciate your patience, cooperation, and understanding throughout this process.

 Thank you,

Skynethosting.net

Update: CloudLinux Kernel Vulnerability (CVE-2026-31431)

 We would like to inform you of an additional security update relevant to our ongoing remediation efforts.

A newly identified vulnerability affecting CloudLinux systems (CVE-2026-31431) has been reported.

https://blog.cloudlinux.com/cve-2026-31431-copy-fail-kernel-update

As part of our proactive security measures, we are currently applying the required kernel updates across all affected systems alongside the ongoing cPanel security remediation.

In addition:

• Systems that have already been brought back online are being re-verified to ensure full compliance with the latest patches.
• Additional validation steps are being carried out to maintain system integrity and security standards.

Impact Status

There is no confirmed impact within our infrastructure at this time

Service Impact

Due to these additional security checks, there may be minor delays in the overall restoration timeline

Client Action Required

• No action is required from clients at this stage

We remain committed to ensuring the highest level of security and will continue to share updates as necessary.

SkyNetHosting.Net Inc
Security & Infrastructure Team

cPanel Security Incident – Live Updates

[Update 11 – 07 May 2026 | 7:54 AM GMT]

Recovery is nearly complete, with the majority of systems back online. However, cPanel remains turned off as we are taking a full backup to prevent any vulnerabilities. After the backup process is completed, you will get access to cPanel.

Current Progress:

• Shared & SEO Servers: 100% Online, except Tania (No ETA), Nicole (No ETA), Kylie (ETA 24H), and Britz (ETA 18H)
• All Reseller Servers: Websites are 100% Online, except USVIP2 (No ETA), Corp1 (No ETA), Mint2 (No ETA), HKVIP1 (No ETA), and Budget1 (ETA 24H)
• VPS Servers: 95% Online
• Baremetal Dedicated Servers: 98% Online
• Smart Cloud Servers: 97% Online
• Services using DirectAdmin Control Panel: Not affected

Notes:

• We have received over 2,000 support tickets. Due to our team focusing on server recovery, response times for tickets and chats may be slower than usual. Once all servers are fully online, we will prioritize the resolution of these tickets and restore response times to normal.

[Update 10 – 07 May 2026 | 7:54 AM GMT]

Recovery is nearly complete with the majority of systems back online. However, cPanel remains turned off across all servers until cPanel Inc. provides a permanent solution for the critical vulnerability (CVE-2026-41940).

Current Progress:

• Shared & SEO Servers: 100% Online, except Tania, Nicole, Kylie, and Britz
• All Reseller Servers: Websites are 100% Online, except USVIP1, USVIP2, Corp1, Mint2, HKVIP1, and Budget1
• VPS Servers: 80% Online
• Baremetal Dedicated Servers: 95% Online
• Smart Cloud Servers: 80% Online
• Services using DirectAdmin Control Panel: Not affected

Note: cPanel remains turned OFF on all servers until a permanent solution for the vulnerability is provided by cPanel Inc.

[Update 9 – 04 May 2026 | 11:19 AM GMT]

The recovery process is nearing completion. We are on track to have the majority of servers fully patched, updated, and back online shortly, with only a few systems that were more significantly impacted requiring additional recovery work.

Current Progress:

• Shared & SEO Servers: 60% online
• USA Reseller Servers: 95% online (all servers online except 5 servers)
• Reseller Servers (Other Locations): 85% online
• VPS Servers: 70% online
• Baremetal Dedicated Servers: 90% online
• Smart Cloud Servers: 80% online
• Services using DirectAdmin Control Panel: 100% online (Not affected)

[Update 8 – 03 May 2026 | 4:54 PM GMT]

The recovery process is progressing well. Within the next 24 hours, we expect the majority of servers to be fully patched, updated, and brought back online, with the exception of a limited number of systems that were more deeply affected by the incident and require additional recovery work.

Current Progress:

• Shared & SEO Servers: 50% online
• USA Reseller Servers: 90% online
• Reseller Servers (Other Locations): 60% online
• VPS Servers: 65% online
• Baremetal Dedicated Servers: 70% online
• Smart Cloud Servers: 60% online
• Services using DirectAdmin Control Panel: Not affected

[Update 7 – 03 May 2026 | 4:05 PM GMT]

The recovery process is ongoing. 50% of the affected SEO servers have been successfully restored. Additionally, 30% of Baremetal and SmartCloud servers have been fully restored.

[Update 6 – 02 May 2026 | 07:37 AM GMT]

Recovery progress continues. Approximately 40% of affected servers have been fully restored, and 80% of USA reseller servers are now online. Websites and email are operational on restored servers, except cPanel/webmail, which remains disabled for security reasons.

[Update 5 – 02 May 2026 | 08:30 AM GMT]
Recovery in progress. Approximately 15% of all servers and 30% of reseller hosting servers have been restored, upgraded, and secured. Work continues on remaining systems.

[Update 4 – 02 May 2026 | 06:00 AM GMT]
Server rebuild and patching ongoing. Systems are being OS reloaded and upgraded to fully patched environments before being brought online.

[Update 3 – 01 May 2026 |  10:30 PM GMT]

Initial recovery phase started. Affected systems isolated and security validation process initiated.

[Update 2 – 01 May 2026 | 01:00 PM GMT]
All cPanel servers taken offline as a precaution due to *critical vulnerability (CVE-2026-41940)* actively being exploited globally.

[Update 1 – 01 May 2026 | 12:30 PM GMT]
Security advisory issued. Investigation and containment measures initiated.

Latest Information & Details

Full advisory and updates:

https://skynethelp.com/index.php?/News/NewsItem/View/493/critical-security-advisory-temporary-shutdown-of-cpanel-based-services

SkyNet blog article:

https://skynethosting.net/blog/cpanel-hack-cve-2026-41940/

Technical analysis (WatchTowr):

https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940

Community discussion:

https://www.reddit.com/r/cpanel/comments/1syyajp/massive_cpanel_0day_auth_bypass_hits_web_hosting

Note:

Updates will be posted here as progress continues.

Update: cPanel Security Incident – Recovery Progress

We would like to provide an important update regarding the ongoing cPanel/WHM security incident (CVE-2026-41940)

Current Progress

As of now:

• Approximately 15% of all affected servers have been fully restored, upgraded, and secured.
• Over 30% of our reseller hosting servers have been successfully recovered and brought back online.
  
  

All restored systems have been:

• Upgraded to patched versions
• Fully rebuilt (OS reload) where required
• Security-hardened before reactivation

Due to the severity of the incident, we are not publishing specific server names publicly as part of our security policy.

 Why Recovery is Taking Time

This vulnerability is classified as critical (CVSS 9.8) and allows attackers to bypass authentication and gain administrative access without credentials.

Security researchers have confirmed:

• Active exploitation in the wild
• Potential for full server compromise including websites, databases, and configurations

Given the scale and risk, each server must go through a complete security validation process before being brought back online.

Our Recovery Approach

We are following a strict, security-first recovery process:

1. Isolation of affected systems
2. Full OS reload and environment rebuild
3. Upgrade to latest patched cPanel versions
4. Security hardening and access restrictions
5. Data validation and service testing
6. Controlled reactivation

This ensures that restored services are stable, secure, and not vulnerable to re-exploitation

 What This Means for Clients

• Services are being restored in phases, not all at once
• Priority is given to system integrity and security over speed
• Some services may take longer due to deeper validation requirements

Further Reading & Transparency

For full details on this incident and technical background, you may refer to:

• https://skynethelp.com/index.php?/News/NewsItem/View/493/critical-security-advisory-temporary-shutdown-of-cpanel-based-services
• https://skynethosting.net/blog/cpanel-hack-cve-2026-41940/](https://skynethosting.net/blog/cpanel-hack-cve-2026-41940
• https://labs.watchtowr.com/the-internet-is-falling-down-falling-down-falling-down-cpanel-whm-authentication-bypass-cve-2026-41940
• https://www.reddit.com/r/cpanel/comments/1syyajp/massive_cpanel_0day_auth_bypass_hits_web_hosting

Next Steps

Our teams are continuing to work around the clock to:

• Accelerate recovery across remaining servers
• Monitor for any suspicious activity
• Ensure all restored environments meet strict security standards

Ongoing Updates

We will continue to provide progress updates here:

•  https://skynethelp.com/index.php?/News/NewsItem/View/493/critical-security-advisory-temporary-shutdown-of-cpanel-based-services

We sincerely appreciate your continued patience and understanding as we work through this incident with the highest priority on security and service reliability.

SkyNetHosting.Net Inc.

Security & Infrastructure Team