Compromised Site Management Panels are a Hot Item in Cybercrime Markets
Bleeping Computer
by Sponsored by FlareMarch 3, 2026
AI-Generated Deep Dive Summary
Cybercriminals are increasingly exploiting compromised cPanel credentials in bulk on underground markets, using them as plug-and-play tools for phishing, scams, and other malicious activities. These credentials provide attackers with unauthorized access to web hosting control panels, enabling wide-scale attacks such as deploying backdoors, creating admin users, and stealing sensitive data. According to research by Flare security experts, over 200,000 posts referencing cPanel access were analyzed across fraudulent channels, revealing a thriving ecosystem where these credentials are commoditized and sold at commodity-level pricing.
cPanel, one of the most widely used web hosting control panels globally, offers attackers significant power. With compromised cPanel access, threat actors can gain root server access, deploy malware, steal data, or create phishing campaigns under legitimate domains. This level of control is particularly dangerous because it allows attackers to carry out activities that may not immediately trigger traditional security alerts, as they are using valid credentials. In shared hosting environments, a single compromised cPanel can grant access to multiple domains, amplifying the potential damage.
The rise in demand for cPanel credentials stems from their versatility and ease of use. Attackers obtain these credentials through various methods, including brute-force attacks, phishing campaigns, and exploiting vulnerabilities in hosted websites or server configurations. Outdated CMS platforms like WordPress or Drupal, along with misconfigured systems, often serve as entry points for attackers to gain initial access, which they can then escalate to full cPanel control. This trend highlights the growing sophistication of cybercrime markets, where compromised credentials are treated as valuable commodities.
For organizations and individuals relying on web hosting services, the risks are significant. Compromised cPanels allow attackers to launch persistent campaigns, such as deploying backdoors for long-term access or using legitimate domains to distribute phishing emails. These activities often remain undetected due to the use of valid credentials, making early detection critical. Security professionals must stay vigilant and implement robust measures like multi-factor authentication, regular password updates, and monitoring of underground markets for compromised credentials.
The commoditization of cPanel access underscores the need for proactive threat detection
Verticals
securitytech
Originally published on Bleeping Computer on 3/3/2026