BleepingComputer reports that almost all of the 21,761 internet-exposed CyberPanel instances impacted by a critical remote code execution flaw have been disrupted following a massive PSAUX ransomware attack.
Most of the vulnerable CyberPanel instances, which could be taken over by exploiting the flaw, were in the U.S., followed by Germany, Singapore, Indonesia, and India, according to threat intelligence search engine LeakIX. Attacks conducted as part of the campaign involved a pair of scripts, one for exploiting the CyberPanel bug and the other for file encryption. However, PSAUX's file encryption script had a weakness that enabled LeakIX to develop a decryptor for files compromised by the ransomware. Organizations with affected CyberPanel instances have been urged to immediately download the latest version of the software from GitHub, which resolves the RCE flaw. The flaw has yet to be given a Common Vulnerabilities and Exposures designation.