A critical cPanel/WebHost Manager flaw tracked as CVE-2026-41940 is being actively exploited to deploy a cross-platform backdoor known as Filemanager. Security researchers tied the activity to a threat actor using the handle Mr_Rot13, and observed rapid, automated scanning and exploitation from thousands of attacker IPs worldwide. The attacks move quickly from an initial authentication bypass to persistent access via injected