Critical LiteSpeed Plugin Vulnerability Puts Shared Hosting at Risk; Dutch Authorities Seize 800 Servers in Major Enforcement Action
Key Themes
Notable Players
CVE-2026-48172 (CVSS 10.0) root privilege escalation actively exploited; affects versions 2.3–2.4.4; allows any customer to take over entire server.
Launching direct hosting competition (shared, WordPress, email) against its own licensees; 2026 Web Hosting Trends Report co-author.
Seized 800 servers from Stark Industries Solutions in May 2026 sanctions enforcement action; dismantled hosting network accused of supporting illegal activity.
Q1 2026: $639.8M revenue (+34% YoY); announced 1,100-employee layoff (20% workforce reduction) as part of AI restructuring.
Announced €1 billion share-based merger creating single listed entity; deal announced May 21, 2026.
Top Stories
CVSS 10.0 root escalation in LiteSpeed cPanel plugin versions 2.3–2.4.4 is under active exploitation. Any customer can take complete control of shared servers.
Dutch financial crime investigators seized 800+ servers, laptops, and phones from Stark Industries Solutions in May 2026 sanctions enforcement action. Major takedown of hosting network accused of supporting illegal activity.
WebPros now directly competing with cPanel/WHMCS licensees by offering shared, WordPress, and email hosting. Major strategic shift putting pressure on existing hosting partners.
2026 Web Hosting Trends Report reveals 41% of small-business customers leaving traditional hosting for SaaS platforms. Customers prioritize ease-of-use over price and features.
CyberFolks and Shoper announced €1B share-based merger on May 21, 2026. Creates major consolidated player in hosting and e-commerce solutions market.
Security & Compliance
Shared hosting providers running LiteSpeed with cPanel plugin face critical risk: any customer can immediately take over entire server. Active exploitation confirmed.
FIOD raided Dronten and Schiphol-Rijk data centers on May 22, 2026, seizing 800 servers, laptops, phones. Major enforcement action against hosting network.
Unverified claim: Home.pl customer database allegedly being sold on dark web forums. No independent verification or official statement from Home.pl yet.
Researchers highlight AI plugin security risks in WordPress ecosystem. New attack vectors emerging as AI tools integrate deeper into hosting platforms.
WHC completed security upgrades across infrastructure following disclosure of multiple vulnerabilities. Proactive patching effort addressing recent CVE landscape.
CIFSwitch Linux kernel local privilege escalation in CIFS/SMB SPNEGO path disclosed; latent since 2007. CloudLinux provides mitigation and kernel updates.
Copy Fail (CVE-2026-31431) and two others exposed as root exploits in rapid succession. Hosting industry faces unprecedented patching urgency.
PinTheft chains RDS zerocopy and io_uring bugs for privilege escalation. CloudLinux platforms confirmed unaffected.
Qualys disclosed ptrace access-check vulnerability enabling privilege escalation through ssh-keysign. CloudLinux provides patched kernel.
Third Linux kernel LPE in XFRM/ESP subsystem disclosed by William Bowling and V12 Security team. Rapid-fire kernel vulnerabilities demanding urgent updates.
nginx-poolslip zero-day reported affecting NGINX 1.31.0; involves request memory pool handling. Disclosed shortly after Rift patch.
Cloud & Infrastructure
AWS Interconnect multicloud achieved GA on April 14, 2026. Direct private Layer 3 connections between AWS and Google Cloud over AWS backbone without egress charges.
Hyperscale AI campuses facing water and wastewater capacity constraints as siting gatekeepers. Water scarcity reshaping cooling strategies and municipal planning.
Hyperscalers adopting 800V direct current power systems inspired by EV technology. Reduces copper requirements, cooling strain, and conversion losses.
Infrastructure outage report. Details limited in available source.
Pricing & Business
Hetzner's third 2026 price increase (May 27) differs from prior two: now protecting existing customers. Reflects market pressure and margin challenges.
Cloudflare reported Q1 2026 $639.8M revenue (+34% YoY) but cut 1,100 employees (20% workforce). Broader industry faces profitability vs. growth tension.
2026 Web Hosting Trends Report surfaces strategies and challenges in $100B+ industry. Providers navigating growth amid margin compression.
WHC now includes free CDN with all web hosting and managed WordPress plans. Competitive feature addition for Canadian market.
65% of providers reported revenue growth; 26% rank VPS as top growth category. Industry focus on VPS profitability amid margin pressure.
7% .com wholesale price increase effective November 1, 2026 opens four-year pricing cycle. First in series of scheduled increases through 2030.
Control Panels
WebPros launching direct hosting offerings (shared, WordPress, email) in competition with cPanel and WHMCS licensees. Threatens hosting provider business model.
Acquisitions & Market
CyberFolks and Shoper announced May 21, 2026 merger under Article 492 of Polish law. €1B valuation creates consolidated hosting and e-commerce player.
At Meta shareholder meeting May 27, Zuckerberg signaled Meta cloud computing business is 'definitely on the table' as AI infrastructure demand grows. Potential market disruption.
OpusDNS (launched October 2025) acquired fruits.co European domain monetization platform on May 20, 2026. Expands wholesale registrar service offerings.
$67B merger positions America's largest regulated utility at heart of AI data center boom. Historic consolidation reflecting power infrastructure criticality.
Technology & Tools
DigitalOcean launched Batch Inference on Inference Engine at Deploy 2026. Enables high-volume asynchronous AI workloads for developers.