Recurring Server Compromise Enabled by Legacy Infrastructure (CentOS 6)

Scenario

One of our clients received an abuse alert from the hosting provider regarding sustained, excessive CPU usage on a server within our infrastructure. The usage patterns were consistent with post-exploitation activity, specifically resource abuse for cryptomining and lateral network scanning. The provider indicated the server was compromised via an unpatched cPanel/WHM installation (CVE-2026-41940), a […]