A 'backdoor' allowing malicious users to control your server through cPanel's "Request A Password" feature has been discovered... I have written a write-up on how to secure your cpanel/whm server. Fix cPanel [hostinglife.com]

I will not go into full details on how this exploit works, as people are already scanning servers for it, and providing more information of how it "works exactly" is not the best idea. If you`ve logged into WHM as root today you should have seen a similiar notice to this..

Do this ASAP!