cPanel Security Incident — Recovery Progress & Live Updates

Recovery is moving forward in phases. Around half of the affected SEO environments are now back online, and roughly one-third of the impacted Baremetal and SmartCloud systems have completed restoration. The remaining systems are still going through controlled rebuild, security review, and staged service return checks before access is reopened.

An additional kernel-level security review is being applied across relevant systems as part of the recovery track. Systems that were already brought back online are also being rechecked against the latest hardening requirements. No customer action is required, but these extra safeguards may slightly extend the overall restoration timeline.

Recovery continued to expand across the affected estate, with about 40% of impacted servers restored and a large portion of USA reseller capacity returned. On recovered systems, websites and email may already be available, while cPanel and webmail remain temporarily restricted until the final security clearance is completed.

Early restoration milestones were achieved across the affected platform, including a meaningful portion of reseller environments. At that stage, systems were still moving through patching, hardening, and service validation before normal access could resume.

Rebuild and patch work continued through the night. Affected environments are being reloaded, upgraded, and fully checked before being returned to production use.

The first recovery wave began after containment was completed. Isolated systems moved into verification and staged restoration.

As a safety measure, affected cPanel-related services were temporarily taken offline while the incident was being contained and reviewed.

Hostao activated incident response procedures immediately after identifying a serious cPanel security event that required containment, review, and controlled recovery planning.