H4Y Technologies: iWebFusion and iCloudFusion

04/30/2026

What a month it has been!

🔐 SECURITY ALERT | Important Update for All H4Y Clients

We're reaching out to keep you informed about two critical vulnerabilities currently being actively exploited in the wild that affect cPanel/WHM and Linux-based servers — including CloudLinux.

⚠️ What's happening?

1️⃣ CVE-2026-41940 – cPanel/WHM Authentication Bypass (CVSS 9.8 – Critical)
A serious flaw in cPanel allows attackers to bypass login entirely and gain root-level access to a server — without a password. It affects all cPanel/WHM versions after v11.40 and has been actively exploited since at least February 2026. Ransomware attacks encrypting files with a ".sorry" extension have already been reported across thousands of servers globally.

2️⃣ CVE-2026-31431 – Linux Kernel "Copy Fail" Privilege Escalation
A 9-year-old flaw in the Linux kernel (affecting every major distro since 2017, including CloudLinux) allows someone already on a server to escalate their privileges to root. A working public exploit is available.

Additionally, cPanel pre-disclosed three NEW CVEs today (CVE-2026-29201, 29202, 29203) with patches releasing today, May 8.

---

✅ FOR MANAGED CLIENTS:
You're in good hands — our team is actively monitoring the situation and applying patches across internal servers. We are relying upon automated updates for managed servers but please contact us if you want us to give immediate special attention to your host.

---

🔧 FOR SELF-MANAGED CLIENTS — Action Required:
Please take the following steps as soon as possible:

▶ Patch cPanel/WHM immediately:
SSH into your server and run: /scripts/upcp
Confirm you're on the latest patched build by running: /usr/local/cpanel/cpanel -V

▶ Patch your Linux Kernel (fixes Copy Fail):
Run: yum update kernel (CloudLinux/AlmaLinux/CentOS)
or: apt update && apt upgrade (Debian/Ubuntu)
Then reboot your server to load the new kernel.

▶ For new cPanel CVEs (29201/29202/29203):
Run /scripts/upcp after 12:00 PM EST today (May 8) to pull the latest Technical Support Release.

▶ Check for signs of compromise:
Look for files renamed with a .sorry extension, unexpected cron jobs, new SSH keys, or unknown user accounts.

▶ Verify your backups are intact and offsite.

---

📩 Questions or need help? Open a support ticket or reach out to us directly — we're here for you.

Stay safe out there. 🛡️
— The H4Y Team

03/05/2026

An EPYC leap in performance — iWF VPS Hosting and Cloud Compute has evolved. Scale smarter with cutting edge, ultra-massive core count and high clockspeed AMD EPYC 9### Hypervisor Nodes. Zero limits. SIMPLY EPYC!!
Current line-up features AMD EPYC 9754 CPUs and VirtFusion Control Panel

Compare here: https://www.iwebfusion.net/epyc-vps

10% OFF Coupon code: BFCM10

09/02/2025

Announcement: We will be replacing antiquated versions of ConfigServer Firewall with the new GNU release on all shared and cPanel servers. We suggest clients with managed servers to contact us if they require assistance doing the same.

LINK:

07/20/2025

We are pleased to announce a new acquisition! CynderHost, a leader in managed Wordpress hosting, is now part of the H4Y family of hosting brands! Fun fact: H4Y has actually powered CynderHost behind the scenes for years! For all CynderHost clients, a warm WELCOME!!

03/07/2025

RE-Introducing [B]uild [Y]our [O]wn [S]erver v2.0!

BUILD YOUR "ALA CARTE" CUSTOM SERVER NOW: https://byos.h4y.us

For almost 25 years, H4Y has been known for its unique and custom product and server options. "If it can be built, we can build it" has been our motto. Whether you need self-managed infrastructure or our famous "Meticulous Management", H4Y is all about options. Control panel options. Datacenter options. Bandwidth options. CPU / Memory / RAM / Disk / RAID / OS / etc, etc options options options!

CLEARANCE: Use coupon code: BYOS20GO for an additional 10% off ALL SERVERS!!

12/31/2024

Happy New Year from all of us at H4Y and iWebFusion!! Warm wishes for 2025 to our friends, followers, fans, and all of our clients! We are always quick to highlight the fact that our clients' success and our success is one and the same. We are a function of one another. A law of nature. Cheers to nearly 24 years of smashing success!

08/19/2024

Our migration and scheduled upgrade is complete and we are sitting pretty with our shiny new, wholly owned Cisco network and hardware safely housed inside our new, modern PCI/DSS + HIPAA COMPLIANT / SOC 2 TYPE II CERTIFIED datacenter space at 3101 International Airport Dr. in Charlotte, NC! Onward and upward!!

08/18/2024

A MASSIVE upgrade and migration to our new building in Charlotte, NC at 3101 International Airport Dr is due for completion tonight! Check our network status page for real-time updates. With 400Gbps of capacity on tap and all new redundant 40G-100G Cisco networking, H4Y and iWebFusion has the room to support your growth for decades to come!

04/04/2024

Your server's security is our business! We're contacting clients about a vulnerability found in AlmaLinux, CentOS, and CloudLinux 8 and 9. CVE-2024-1086 is a particularly nasty exploit as it can easily allow a remote attacker to gain root access to your system. New kernels have been released for all affected operating systems. We highly suggest that you update and reboot your server in order to mitigate this vulnerability.

If you have a managed service with us, please contact us to schedule a reboot (unless you have the Kernelcare service, in which case your kernel has been automatically updated and is safe from this vulnerability even without a reboot).

LINK:

Secure .gov websites use HTTPS A lock () or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

12/12/2023

12/12/23: The first round of scheduled power and network maintenance is complete in Bend, Oregon. Props to Jacob Roe-Bauer for making it seem effortless (by way of lots of effort)! H4Y's Bend, OR location is back on redundant power and one step closer to perfection!