Ransomware hits web hosting servers via vulnerable CyberPanel instances


A threat actor – or possibly several – has hit approximately 22,000 vulnerable instances of CyberPanel and encrypted files on the servers running it with the PSAUX and other ransomware.

The CyberPanel vulnerabilities
CyberPanel is a widely used open-source control panel for managing servers that host websites.

Two critical command injection vulnerabilities (CVE-2024-51378 and CVE-2024-51567) affecting CyberPanel versions 2.3.6 and (unpatched) 2.3.7 were publicly documented earlier this week by the security researchers – refr4g and DreyAnd – who unearthed and reported them.

The posts were made public just a few days after the panel’s maintainers committed fixes for the two very similar flaws, which allow attackers to bypass authentication requirements and remotely execute arbitrary commands on the server.

The CyberPanel maintainers announced the release of the security patches, but they did not issue a newer version of the software or assign CVE numbers to the flaws at that time. The latest CyberPanel version is v2.3.7 and is, as noted earlier, vulnerable if the fixes haven’t been applied by using the upgrade function.

Unfortunately, multiple ransomware groups were quick to jump at the opportunity to exploit one or both vulnerabilities.

According to cybersecurity company LeakIX, on Monday there were nearly 22,000 vulnerable CyberPanel instances exposed online, and on Tuesday that number fell to around 400.

“Looks like someone took some liberty and wiped 20k CyberPanel instances as they all started responding 500s,” the company said.

PSAUX decryptor available
Users that have been hit by the threat actors are searching for answers on CyberPanel’s community forum.

LeakIX has created a decryptor for those who have been hit with the ransomware that appends the .psaux extension to the encrypted files.

“We don’t know if there are multiple groups competing or if they changed their script [to add the .encryp and .locked extensions instead of .psaux],” LeakIX CTO Gregory Boddin says.

The situation is evolving quickly, and we’ll update this article when we know more.

 
