Key Takeaways
- Arch Linux just finished fighting off a seven-day DDoS attack.
- cPanel recently patched an SQLite flaw affecting thousands of hosts.
- Microsoft SharePoint servers are currently being hit by Warlock ransomware.
- Though isolated incidents, they point to a common thread: No layer of the stack is 100% safe.
The hosting industry was hit with a 1-2-3 punch this past week. Arch Linux spent seven days fending off a DDoS attack, cPanel patched a high-severity SQLite flaw, and Microsoft confirmed ransomware campaigns against unpatched SharePoint servers.
The cases do not appear to be related to one another. But they share a common thread: No part of the stack is safe. And with generative AI speeding up attacks, hackers have more freedom than ever to weaponize those flaws.
Here’s the breakdown of what’s been happening:
Arch Linux: August DDoS Attack
Arch Linux shared on Aug. 25 that it had experienced seven full days of outages across its AUR, forums, and web portal, preventing developers from accessing their hubs and repositories.
“We are aware of the problems that this creates for our end users and will continue to actively work with our hosting provider to mitigate the attack. We are also evaluating DDoS protection providers while carefully considering factors including cost, security, and ethical standards,” the project wrote in an update.
Users on Reddit speculated the culprits were likely “script kiddies,” or amateur hackers who rely on prewritten scripts to cause mayhem.
Hosts that have automatic failovers or always-on DDoS protection seem to be in good shape. Those who don’t may want to invest in a mitigation vendor or at least have a clear failover plan.
But if this was caused by script kiddies, it does raise the question: If a major platform like Arch Linux can be taken offline for a week by low-skill attackers, what does that mean for smaller hosts?
cPanel SQLite Flaw: July/August Vulnerability
On Aug. 21, cPanel & WebHost Manager (WHM) — which powers more than 90% of the world’s shared hosting environments — finalized its series of critical patches for CVE-2025-6965.

The flaw is in SQLite’s memory handling and could have opened the door to crashes or system hijacks. While it is rated as High severity, there has been no evidence of a direct attack or exploitation.
Since SQLite is bundled into cPanel, cPanel had to wait for the patches to come through, test them successfully, and then send the fixes across every branch (versions 110-130), which is why the fix took several months to roll out.
It’s a prime example of a proactive update. Instead of waiting for something to occur, cPanel closed the flaw before it could be weaponized, potentially protecting thousands of tenants that rely on its shared hosting environments.
Microsoft SharePoint: July-August Vulnerability
All summer, Microsoft’s on-prem SharePoint servers have been dealing with Warlock ransomware from Storm-2603, a China-based hacking group. Microsoft confirmed the activity in July and subsequently released a patch.
The issue is that the July patch was incomplete. The ToolPane flaw (pictured below) stayed open long enough for attackers to keep exploiting it until more fixes rolled out.

Warlock affiliates exploited flaws in SharePoint’s authentication and deserialization, which let them bypass logins and inject malicious code.
Serialization is when an application converts data into a format that can be stored or transferred. Deserialization is the reverse step, when the application turns that data back into a usable format. The flaw only arises when a system doesn’t check that the incoming data is safe before converting it back.
That gap may have left hundreds of government and enterprise systems exposed, according to Reuters. InfoSec Magazine confirmed at least 75 servers have been compromised, with thousands more still vulnerable.
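To make the "check before converting it back" step concrete, here is an added example (not from the article, and not SharePoint or Microsoft code) that uses Python's pickle format as a stand-in for any serializer able to rebuild arbitrary types. The allow-list contents and the sample blobs are constructed assumptions.

```python
import io
import pickle
from collections import OrderedDict
from decimal import Decimal

# Assumption: the only non-primitive type this service expects in a stored blob.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class AllowListUnpickler(pickle.Unpickler):
    """Refuses to resolve any class or function that is not on the allow-list."""

    def find_class(self, module, name):
        # Called for every type the blob asks the deserializer to import.
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_loads(blob: bytes):
    """Deserialize, checking each referenced type before it is imported."""
    return AllowListUnpickler(io.BytesIO(blob)).load()


def check(blob: bytes) -> str:
    """Return a log-friendly verdict instead of raising."""
    try:
        safe_loads(blob)
        return "accepted"
    except pickle.UnpicklingError as exc:
        return f"rejected: {exc}"


# Constructed sample inputs: one blob of the expected shape, and one that
# references a harmless type the service never asked for.
EXPECTED_BLOB = pickle.dumps(OrderedDict(user="alice", role="editor"))
UNEXPECTED_BLOB = pickle.dumps({"amount": Decimal("10.50")})

if __name__ == "__main__":
    print(check(EXPECTED_BLOB))
    print(check(UNEXPECTED_BLOB))
```

An unchecked `pickle.loads` would rebuild both blobs without complaint, which is the gap the paragraph above describes. Where the data model allows it, a data-only format such as JSON avoids type resolution altogether.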
The Common Weak Point
Though unrelated, the three incidents show how fragile the stack remains, whether from defense gaps (Arch’s DDoS), slow patches (cPanel’s SQLite fix), or incomplete patches (SharePoint).
Fortinet found 85% of cybersecurity professionals believe gen-AI is already driving a spike in attacks. AI saves enormous amounts of time, giving bad actors faster ways to find and exploit vulnerabilities. The World Economic Forum ranks adversarial AI as the top cyber risk for nearly half of organizations worldwide.
None of the stack is immune; proactive patching matters, but so does DDoS defense. And with hackers using AI, it only makes sense for hosts to fight fire with fire.




