Security Advisory: Mitigation in Progress

Update timeline

1. investigating Apr 30, 2026, 12:18 AM UTC

   Status: Investigating We are aware of a recently disclosed Linux security vulnerability and are working to apply the relevant patches across our infrastructure. At this time, we have no evidence of any attempts to exploit this against our systems. As a precautionary measure, we have temporarily disabled SSH access to our hosting and managed cPanel servers while patching is carried out. All other services remain fully operational. We will update this notice once patching is complete. Affected components Managed WordPress (Onyx) (Degraded performance) Shared Hosting (Degraded performance) Business Hosting (Degraded performance) Virtual Private Servers (Katapult) (Degraded performance) Reseller Hosting (Degraded performance) Dedicated Servers (Degraded performance)

2. identified Apr 30, 2026, 04:55 PM UTC

   Status: Identified We're applying mitigations which requires a server reboot. We expect most servers to be offline for less than 5 minutes whilst this takes place Affected components Business Hosting (Degraded performance) Virtual Private Servers (Katapult) (Degraded performance) Reseller Hosting (Degraded performance) Dedicated Servers (Degraded performance) Managed WordPress (Onyx) (Degraded performance) Shared Hosting (Degraded performance)

3. identified Apr 30, 2026, 06:04 PM UTC

   Status: Identified The required mitigations have been put in place for Onyx and are nearing completion for all Web Hosting Services. We will update this status in due course. Affected components Reseller Hosting (Degraded performance) Dedicated Servers (Operational) Managed WordPress (Onyx) (Operational) Shared Hosting (Degraded performance) Business Hosting (Degraded performance) Virtual Private Servers (Katapult) (Degraded performance)

4. identified Apr 30, 2026, 08:20 PM UTC

   Status: Identified The required mitigations have now been completed on all Web Hosting Services including Shared Hosting, Business Hosting and Reseller Hosting. Please note that SSH has now been re-enabled on these machines. Mitigations for VPS are ongoing. We will provide a further update in due course. Affected components Dedicated Servers (Operational) Managed WordPress (Onyx) (Operational) Shared Hosting (Operational) Business Hosting (Operational) Virtual Private Servers (Katapult) (Degraded performance) Reseller Hosting (Operational)

5. monitoring Apr 30, 2026, 08:55 PM UTC

   Status: Monitoring The required mitigations have now been completed on all Managed VPS, Reseller, Premium and Shared hosting accounts. Please note that SSH has now been re-enabled on these machines. SSH remains blocked on Dedicated servers for the time being. We are expecting the full patches for this issue from the upstream vendors in due course at which point we will being patching. A further notification will be provided at this time. Affected components Shared Hosting (Operational) Business Hosting (Operational) Virtual Private Servers (Katapult) (Operational) Reseller Hosting (Operational) Dedicated Servers (Operational) Managed WordPress (Onyx) (Operational)

6. monitoring May 01, 2026, 11:39 AM UTC

   Status: Monitoring Patches have been applied to Dedicated servers and SSH has been unblocked. Affected components Reseller Hosting (Operational) Dedicated Servers (Operational) Managed WordPress (Onyx) (Operational) Shared Hosting (Operational) Business Hosting (Operational) Virtual Private Servers (Katapult) (Operational)