{"id":47803,"date":"2026-05-02T22:57:18","date_gmt":"2026-05-02T15:57:18","guid":{"rendered":"https:\/\/antoanthongtinhaiphong.gov.vn\/?p=47803"},"modified":"2026-05-05T22:58:13","modified_gmt":"2026-05-05T15:58:13","slug":"khan-lo-hong-nghiem-trong-trong-cpanel-da-bi-khai-thac-nguy-co-chiem-quyen-may-chu-hang-loat","status":"publish","type":"post","link":"https:\/\/antoanthongtinhaiphong.gov.vn\/khan-lo-hong-nghiem-trong-trong-cpanel-da-bi-khai-thac-nguy-co-chiem-quyen-may-chu-hang-loat\/","title":{"rendered":"Urgent: Critical cPanel vulnerability already exploited, risk of mass server takeover"},"content":{"rendered":"<div><b>The critical vulnerability tracked as CVE-2026-41940 in the cPanel hosting control panel is rated extremely dangerous. It is not merely theoretical: international security vendors have also confirmed that the vulnerability was exploited (as a zero-day) before a patch was released, putting large numbers of servers worldwide at risk of complete takeover.<\/b><br \/>\n<\/div>\n<div>\n<div class=\"bbImageWrapper  js-lbImage\" title=\"1777622206534.png\" data-src=\"https:\/\/whitehat.vn\/attachments\/1777622206534-png.18942\/\" data-lb-sidebar-href=\"\" data-lb-caption-extra-html=\"\" data-single-image=\"1\"><img loading=\"lazy\" decoding=\"async\" class=\"bbImage\" title=\"1777622206534.png\" src=\"https:\/\/whitehat.vn\/attachments\/1777622206534-png.18942\/\" alt=\"1777622206534.png\" width=\"650\" height=\"364\" data-url=\"\" data-zoom-target=\"1\" \/><\/div>\n<p><i>Image: Helpnet 
Security<\/i><\/div>\n<div>\nThe danger lies in cPanel's authentication mechanism. An attacker can abuse a flaw in how special characters are handled during login to inject forged data into the session. Combined with a second flaw in how the system stores and synchronizes session data, known as a \u201crace condition\u201d, the attacker can trick the system into treating the login as valid. The result is direct access to the administration interface with the highest privileges, without needing a password.<\/p>\n<p>The vulnerability is rated CVSS 9.8\/10 and enables a range of dangerous actions: taking over the server, stealing website data and databases, accessing corporate email, installing malware or ransomware, and even extending the attack to other systems on the same network. Notably, there are indications that attackers may delete or tamper with logs, making a compromise harder to detect.<\/p>\n<p>The scope of impact is extremely broad. 
cPanel currently serves about 70 million domains worldwide, including millions of businesses, online services and email systems. In Vietnam, hosting providers, small and medium-sized enterprises, e-commerce websites and many digital service systems are all at risk of being affected if they have not applied the patch.<\/p>\n<p>Experts warn that servers left unpatched since the end of April 2026 may already have been targeted. Even where no clear signs have been found, administrators should still treat the system as at risk of compromise and carry out a comprehensive check.<\/p>\n<p>There is no alternative fix at this point: update cPanel immediately to a patched version. 
If updating is not yet possible, temporarily block access from the Internet to the administration ports and review the entire system: change passwords, check accounts, look for backdoors and review access logs.<\/p>\n<p>Do not treat this as an ordinary technical vulnerability; it is an emergency on a global scale. Delayed handling can mean losing all control of the system. For organizations running cPanel, response time is now measured in minutes and hours.<br \/>\n<\/p><\/div>\n<div style=\"text-align: right;\"><b><i>According to cPanel, TrendMicro<\/i><\/b><\/div>\n","protected":false},"excerpt":{"rendered":"<p>The critical vulnerability tracked as CVE-2026-41940 in the cPanel hosting control panel is rated extremely dangerous. 
It is not merely theoretical: international security vendors have also confirmed that the vulnerability was exploited (as a zero-day) before a patch was released, putting large numbers [&hellip;]<\/p>\n","protected":false},"author":20,"featured_media":47804,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"tdm_status":"","tdm_grid_status":"","footnotes":""},"categories":[3,24,35],"tags":[],"class_list":["post-47803","post","type-post","status-publish","format-standard","has-post-thumbnail","category-canh-bao-khuyen-nghi","category-tin-noi-bat","category-tin-tuc-su-kien"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47803","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/comments?post=47803"}],"version-history":[{"count":1,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47803\/revisions"}],"predecessor-version":[{"id":47805,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/posts\/47803\/revisions\/47805"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media\/47804"}],"wp:attachment":[{"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/media?parent=47803"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/categories?post=47803"},{"taxonomy":"post_tag","embeddable":tru
e,"href":"https:\/\/antoanthongtinhaiphong.gov.vn\/wp-json\/wp\/v2\/tags?post=47803"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}