cPanel Security Incident — Recovery Progress & Live Updates

Recovery has moved forward again. Current provider-side progress now shows Shared and SEO servers at 50% online, USA reseller servers at 90% online, reseller servers in other locations at 60% online, VPS servers at 65% online, Baremetal dedicated servers at 70% online, and Smart Cloud servers at 60% online. The current expectation is that most remaining affected systems will complete patching, hardening, and return-to-service work within the next 24 hours, while a smaller number of more heavily affected systems may still need deeper recovery before access is fully reopened.

Recovery is moving forward in phases. Around half of the affected SEO environments are now back online, and roughly one-third of the impacted Baremetal and SmartCloud systems have completed restoration. The remaining systems are still going through controlled rebuild, security review, and staged service return checks before access is reopened.

An additional kernel-level security review is being applied across relevant systems as part of the recovery track. Systems that were already brought back online are also being rechecked against the latest hardening requirements. No customer action is required, but these extra safeguards may slightly extend the overall restoration timeline.

Recovery continued to expand across the affected estate, with about 40% of impacted servers restored and a large portion of USA reseller capacity returned. On recovered systems, websites and email may already be available, while cPanel and webmail remain temporarily restricted until the final security clearance is completed.

Early restoration milestones were achieved across the affected platform, including a meaningful portion of reseller environments. At that stage, systems were still moving through patching, hardening, and service validation before normal access could resume.

Rebuild and patch work continued through the night. Affected environments are being reloaded, upgraded, and fully checked before being returned to production use.

The first recovery wave began after containment was completed. Isolated systems moved into verification and staged restoration.

As a safety measure, affected cPanel-related services were temporarily taken offline while the incident was being contained and reviewed.

Hostao activated incident response procedures immediately after identifying a serious cPanel security event that required containment, review, and controlled recovery planning.