GrayscaleInsight
Subscriber-only

Cyber Threat Intelligence — subscriber access

The CTI dashboard tracks dark-web disclosures, ransomware claims, data leaks and active threat actors. Full event list, threat-actor profiles and historical archive are available to subscribers.

View pricing Log in
Access Brokerage Disclosed · 1 May 2026 Actor · watari

Alleged Sale of cPanel Root access to unidentified server in the United States

Disclosed
1 May 2026 · 10:11:11 UTC
Source channel
openweb
Category (raw)
Initial Access
Category (norm)
access_brokerage
Victim
Country
United States

Original content

The threat actor claims to be selling full root access to an unidentified cPanel/WHM server in the United States, including SSH access, 41 MySQL databases, Docker access, and approximately 2,404 user records with emails and passwords, along with WordPress admin credentials and multiple associated sites.

Source disclosure
https://breached.st/threads/for-sale-usa-cpanel-root-41-dbs-2-400-user-list-docker-available.86535/
View original