Toshost Ltd

Toshost Ltd Reliable Pure SSD hosting and Fully cPanel Managed Secure Server provider since 2012. Your site our

We provide all kind of online service like as Hosting, Domain , design, ISP, SSL,eCommerce Design, eCommerce Hosting, Secure hosting, Latest Technology Hosting, All service fast response support and many more..

URGENT — Security AdvisoryA privilege-escalation vulnerability has been identified in the LiteSpeed User-End cPanel Plug...
02/06/2026

URGENT — Security Advisory

A privilege-escalation vulnerability has been identified in the LiteSpeed User-End cPanel Plugin. This issue is separate from the one patched last month, and is being actively exploited in the wild. A CVE is forthcoming.

Affected: LiteSpeed User-End cPanel Plugin prior to 2.4.8

Not affected: LiteSpeed WHM Plugin (the parent plugin)

Status: Fix available

ACTION REQUIRED (immediately)

We strongly recommend you urgently upgrade to:

LiteSpeed WHM Plugin v5.3.2.1 (bundled w/ cPanel plugin v2.4.8).



Alternative: Uninstall the Vulnerable Plugin

If you cannot upgrade immediately, please run the following command as root to remove the plugin:

Bash

/usr/local/lsws/admin/misc/lscmctl cpanelplugin --uninstall



This will remove the vulnerable User-End plugin from existing accounts and prevent it from being installed on new accounts.

Security experts revealed a serious 18-year-old flaw in NGINX, one of the world's most popular web servers. The heap ov...
15/05/2026

Security experts revealed a serious 18-year-old flaw in NGINX, one of the world's most popular web servers. The heap overflow bug, called CVE-2026-42945, hits versions 0.6.27 through 1.30.0 and can let hackers run code remotely if rewrite and set directives are used. Researchers at depthfirst discovered it and released a working proof-of-concept exploit.

Updating to NGINX 1.30.1 or newer (or tweaking your config) fixes the risk right away.

15/05/2026

The last two weeks of bugs and exploits have proven one thing: the new AI era will cause a world of pain for anyone who overlooks security hygiene. Hackers are moving faster than ever, using automated tools to target everything from firewalls to cloud infrastructure.

Set your automatic patch timers. Keep your eyes on the glass. Don't let convenience blind you to the risks.

Stay safe out there!

New bug : https://github.com/0xdeadbeefnetwork/ssh-keysign-pwn

https://www.openwall.com/lists/oss-security/2026/05/15/3

CVE-2026-29204 - WHMCS Security Update 05/12/2026 If you are using WHMCS to manage your web hosting business then updat...
13/05/2026

CVE-2026-29204 - WHMCS Security Update 05/12/2026
If you are using WHMCS to manage your web hosting business then update new patch.

Situation
A security vulnerability (CVE-2026-29204) has been identified in WHMCS 7.4 and later involving insufficient authorization checks within the Client Area. Under specific conditions, an authenticated user could perform actions outside of the scope of their assigned account permissions.

This issue was responsibly disclosed through our security program and is currently being addressed.

Impact
An authenticated WHMCS user could potentially leverage this flaw to perform actions in the context of another user's account, including accessing services that they did not own. Exploitation requires a valid, authenticated session.

Affected versions include:

All WHMCS 9.x builds prior to 9.0.4.

All WHMCS 8.x builds prior to 8.13.3.

All WHMCS 7.x builds after 7.4.0.

A fix is only available for supported WHMCS versions. If you are running WHMCS 7.4 or later, you must upgrade to WHMCS 9.0.4 or WHMCS 8.13.3.

Call to Action
We have released a fix for this in the following WHMCS versions:

WHMCS 9.0.4

WHMCS 8.13.3

Update immediately to the latest WHMCS version after the patched release is available.

Note: Monitor the Activity Log for any unexpected Single Sign-On or service access events originating from mismatched user accounts.

10/05/2026

To keep your infrastructure secure, you need to be aware of two critical vulnerabilities that surfaced between April and May 2026: "Copy Fail" (CVE-2026-31431) and the more recent "Dirty Frag" (CVE-2026-43284 / CVE-2026-43500).
​As of May 10, 2026, here are the specific patched versions you should be looking for across the major branches and distributions.

"Dirty Frag" is currently the high-priority threat because it chains two vulnerabilities. Even if you patched for "Copy Fail" in late April, you must run the updates again this week (May 8-10) to catch the "Dirty Frag" fixes.

STEP

sudo apt update # For Ubuntu/Debian
sudo yum check-update # For RHEL/CentOS/AlmaLinux

sudo apt upgrade -y # For Ubuntu/Debian
sudo yum update -y # For RHEL/CentOS/AlmaLinux

sudo reboot

Patch Alert: Linux Kernel
​High-severity exploit found.
Action: Backup ➡ Update ➡ Reboot.
​Check your distribution's latest security advisories immediately. Your data's safety depends on it! 🚀

cPanel users—there is a critical security update live on the dashboard. This isn't just a feature update; it’s a securit...
29/04/2026

cPanel users—there is a critical security update live on the dashboard. This isn't just a feature update; it’s a security necessity.

Stop what you’re doing, log in, and hit that "Update Now" button.

SysAdmins, pay attention! New RCE vulnerabilities (CVE-2026-32710) are hitting MySQL and MariaDB hard. Hackers can execu...
19/04/2026

SysAdmins, pay attention! New RCE vulnerabilities (CVE-2026-32710) are hitting MySQL and MariaDB hard. Hackers can execute code remotely via malformed JSON—and even bypass your audit logs.

Protect your stack NOW:

Patch: Update to MariaDB 11.4.10+ or MySQL 8.4.7+ immediately.

Bind: Double-check that bind-address isn't public.

Filter: Drop suspicious JSON payloads at your Nginx/OpenResty edge.

Managed clients: We’re already patching your servers.
Unmanaged clients: Secure your environment before it's too late!

Don't let your database be an open door. 🛡️

17/04/2026

Internet

🌙 Eid Mubarak from all of us 🌙On this blessed occasion of Eid al-Fitr, we extend our warmest wishes to our clients, part...
20/03/2026

🌙 Eid Mubarak from all of us 🌙

On this blessed occasion of Eid al-Fitr, we extend our warmest wishes to our clients, partners, and the global Muslim community.

May this Eid bring peace, prosperity, and unity to all. We also hope for an end to conflict and suffering in the Middle East, and for a future defined by compassion, stability, and mutual respect.

Wishing everyone a joyful and peaceful Eid. 🤍

Scam alert. Don't Download this type of app. It's a pure scam.
09/01/2026

Scam alert. Don't Download this type of app. It's a pure scam.

Address

167 Wadham Gardens, Greenford
London
HA37NY

Website

Alerts

Be the first to know and let us send you an email when Toshost Ltd posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Contact The Business

Send a message to Toshost Ltd:

Shortcuts

Share

Category