Key Findings Unknown threat actor exploiting CVE-2026-41940, a critical authentication bypass vulnerability in cPanel and WHM, targeting government and military entities in Southeast Asia Attack infrastructure originating from IP address 95.111.250[.]175, primarily focusing on Philippines and Laos government and military domains Concurrent targeting of MSPs and hosting providers across Philippines, Laos, Canada, South Africa, and the United States using publicly available pro