All Reports
Automated registration attempts mitigated
On 2026-06-30, WAYSCloud detected a coordinated wave of automated registration attempts against the meil.no free tier. The activity targeted the creation of new accounts. We found no evidence that existing user accounts were compromised, no evidence that customer email contents were accessed, and no evidence of outbound email abuse from the accounts involved. The behaviour matched a known abuse model seen against reputable privacy-focused email and communication services: accounts are created in coordinated waves, kept quiet, accessed periodically to build apparent legitimacy, and later used for spam, fraud or other abuse if sending trust is granted too quickly. This was a coordinated and technically mature attempt. The actor used distributed residential network access, completed SMS verification and varied timing between steps, which made simple per-IP limits and basic anti-bot checks insufficient on their own. The accounts matching the abuse pattern were suspended, active sessions were revoked, and additional anti-abuse controls are being prioritised to protect the service, legitimate users and email delivery reputation.
Updated 24/7 NOC contact number
Our Network Operations Center (NOC) has been assigned a new direct telephone number. This line is staffed 24/7 for infrastructure and security-related incidents. The new NOC number is +47 21 61 70 70. The number has changed as part of a planned migration to a new telephony platform and operator. There is no impact to service availability.
Email Compliance isolation weakness discovered and remediated internally
During internal testing of our Email Compliance service, WAYSCloud discovered a tenant-isolation weakness that could, in principle, have allowed Email Compliance dashboard data from one account to be returned to another account. The issue was discovered internally before customer exposure, remediated the same day, and verified through end-to-end testing. No customer data was exposed.
Significant Increase in Malicious Traffic Successfully Mitigated
WAYSCloud detected and mitigated 406,171 attack attempts from 205,461 unique sources within a one-hour period, consistent with a coordinated, botnet-like distributed denial-of-service (DDoS) attack, followed by a renewed wave in the second hour. The exceptional traffic volume directed at our edge layer caused temporary degraded responsiveness in the customer dashboard and APIs. Traffic has since fallen considerably and services are returning to normal. There is no indication of any security breach, customer data exposure or infrastructure compromise, and underlying customer workloads remained unaffected.
Improved security for meil.no mail
Follow-up on Internet.nl findings for meil.no raised by Per Thorsheim. Score improved 73% to 83%; mail crypto hardened, RPKI/IPv6/IMAP items ongoing.
Company status clarification: WAYSCloud AS
WAYSCloud AS is currently subject to a formal administrative corporate process following the resignation of the company's auditor in September 2025. The process was triggered by formal company-law requirements, not by a customer-data incident, platform shutdown or ordinary operational collapse. WAYSCloud remains operational. The platform currently operates **22 services across 20 countries**, covering infrastructure, security, communications and AI/compute. Infrastructure costs, monitoring, support and platform development continue as part of ordinary operations. We are in constructive dialogue with the estate administrator, who is also positively inclined toward a return of the company to ordinary operation. In parallel, WAYSCloud has started a strategic capital process targeting approximately **EUR 2 million** to stabilise the company, resolve outstanding formal matters and support commercial rollout.
Recovery email displayed as verified before verification was completed
A defect in the meil.no signup flow caused a secondary recovery email to be displayed as verified immediately after signup, without a verification mail being sent. The defect was reported by a customer, root-caused, and fully fixed within nine hours, with backfill verification mails sent to all 106 affected legacy users on the same day.
App Service: Wake-from-idle env fix
App Service apps with idle-shutdown enabled could lose environment configuration after waking from idle. Resolved 10 May 2026.
Shared Hosting CVE-2026-41940 security review
Following public activity related to CVE-2026-41940 affecting WHM/cPanel environments, WAYSCloud reviewed its shared hosting infrastructure. The review confirmed that relevant systems had already been patched through automated vendor update handling before observed exploitation attempts. No compromise was identified.
Custom-domain DNS verification fix
Internal review found the meil.no custom-domain ownership check could miss valid DNS records due to registrar case normalization. Fixed; no customer impact.
Email security hardening: DNSSEC, DANE, IPv6
WAYSCloud has completed a multi-step hardening of the internal email delivery layer used by the workspace platform, including DNSSEC, DANE/TLSA, and IPv6 support. These changes strengthen protection against tampering, downgrade attacks, and spoofing, and are externally verifiable. This work covered WAYSCloud's own platform mail infrastructure only. Customer-operated mail servers and customer-managed email systems were not in scope and were not affected.
App Platform interface alignment
Inconsistencies between CLI, API, and dashboard behavior were identified and resolved as part of internal validation of the App Platform.
Database service degradation due to storage saturation
A storage saturation event on a database node caused degraded performance and temporary service disruption across multiple platform services. All services have been restored, and safeguards have been implemented to prevent recurrence.
Shared Hosting control panel migration to HestiaCP
WAYSCloud will migrate its Shared Hosting platform to a new control panel based on HestiaCP. This is part of our ongoing move toward open-source technologies across the platform, with no downtime expected for customer websites.
App Platform Deployment Issue
Deployment startup failures were not clearly surfaced in the dashboard, and the plan upgrade flow lacked a direct path. Resolved with improved error visibility.
WAYSCloud Sovereignty Report
Sovereignty architecture overview — platform control boundaries, dependency governance, jurisdictional alignment, and external dependency risk management.
VPS web console access issue and architecture improvement
The VPS web console experienced issues preventing browser-based access to virtual machines. The issue has been resolved with an improved, OS-independent console architecture.
Database snapshot redundancy limitation
Off-site backup replication was temporarily limited within a subset of database infrastructure. Detected by monitoring and resolved.
Dashboard translation inconsistency following deployment
A deployment caused parts of the customer dashboard to display raw translation keys instead of localized text. No data was affected.
Redis provisioning: firewall allowlist not enforced on new instances
Firewall allowlist rules appeared configured but were not enforced at the network level on newly provisioned Redis instances.
