A previously unidentified threat actor is leveraging a critical vulnerability in cPanel to launch targeted attacks against government and military entities in Southeast Asia, as well as managed service providers (MSPs) in various countries, including the Philippines, Laos, Canada, South Africa, and the U.S. The vulnerability, which was recently disclosed, is being exploited to compromise networks, with the threat actor's activities first detected on May 2, 2026, by Ctrl-Alt-Intel [1]. The attacks underscore the importance of promptly patching vulnerabilities, particularly in widely used software like cPanel, to prevent exploitation by malicious actors. The fact that the threat actor is targeting government and military entities suggests a high level of sophistication and potential geopolitical motivations. This matters to cybersecurity practitioners because it highlights the need for swift vulnerability management and proactive defense strategies to protect against targeted attacks.
Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks
Why This Matters
A previously unknown threat actor has been observed targeting government and military entities in Southeast Asia, alongside a smaller cluster of managed service providers (MSPs).
References
- The Hacker News. (2026, May 4). Critical cPanel Vulnerability Weaponized to Target Government and MSP Networks. *The Hacker News*. https://thehackernews.com/2026/05/critical-cpanel-vulnerability.html