Anonymousfox is a WordPress vulnerability where users are able to exploit vulnerable WordPress plugins to get access to the account’s files on the system. A bug allows access with the cPanel software, the attacker can gain access to that particular cPanel account by editing the contact address file and then resetting the account’s password.
You can restrict the cPanel user from resetting their own password my making sure the WHM >> Tweak Settings >> “Reset Password for cPanel accounts” option is set to off, as that will keep the user from gaining full access to the cPanel user and interface.
There are excellent forums posts that have additional details you may want to read at the following links:
https://forums.cpanel.net/threads/question-and-tips-about-anonymousfox.677765/
https://forums.cpanel.net/threads/cpanel-login-after-anonmousfox-hack.666337/