CVE-2023-48022

oligo_security

ShadowRay2.0:AttackersTurnAIAgainstItselfinGlobalCampaignthatHijacksAIIntoSelf-PropagatingBotnet

_cybersecurity_

ShadowRayAttacksTransformRayClustersintoCryptoMiners

crstux

🔥Top10TrendingCVEs(23/06/2025)

stephanekoch

"Anyscale, the framework is used by major tech companies such as Uber, Amazon and OpenAI. Researchers found that thousands of publicly exposed Ray servers worldwide were compromised due to the vulnerability tracked as CVE-2023-48022"

CyberxtronTech

Threat Campaign Alert - Breaking New Ground: ShadowRay Campaign Targets Untapped AI Vulnerabilities Summary: Researcher identifies an active attack campaign exploiting a disputed vulnerability (CVE-2023-48022), dubbed ShadowRay, in the Ray open-source AI framework. Thousands of organizations globally, including sectors like education, cryptocurrency, bio-pharma, and more are at risk of remote code execution and data compromise. Threat Actor/Group: Not explicitly mentioned. Malware: XMRig, NBMiner, Java-based Zephyr miners. Targeted Countries: Not specified. Targeted Industries: Education, cryptocurrency, biopharma and more Specific Applications/CVE's: Ray[AI framework],CVE-2023-48022 (ShadowRay). Impact: Data compromise, remote code execution, cryptocurrency mining, unauthorized access to sensitive information. IOC IP Addr    23[.]146[.]184[.]38/ 54[.]176[.]108[.]174/ 158[.]247[.]217[.]90/ 206[.]189[.]156[.]69/ Domain    clo4q41v1v85ed814bogstepb5jwkbxtj[.]oast[.]fun/ bore[.]pub/ xna[.]2miners[.]com/ kryptex[.]network/ zeph[.]kryptex[.]network/ zeph[.]kryptex[.]network/ pool[.]hashvault[.]pro/ zephyr[.]miningocean[.]org/ rx[.]unmineable[.]com/ MD5 Hash    f3636232ed136fed658521682f6fa9f4 SHA1 Hash    8d53ade3599ca39d9ad22d9360834514e9a6c6dc SHA256 98f0bf732ebae8f3ba250c02e02a0787a68039caa484e688e0391343eaf0b527 Mitre TTP T1190, T1078, T1136, T1574, T1047, T1059, T1105, T1113, T1106, T1027, T1016 Reference: This writing is based on Research Advisory Report published by ‘Oligo' Team. --------------------------------------------------------------------------------------- Join us on our mission to secure the digital world and make cyber defense affordable to everyone! Follow "CyberXTron Technologies" for the timely, relevant and actionable cyber threat insights. #ShadowRay #CVE #AI #Vulnerability #DataBreach #CryptoMining #InfoSec #cyberXTron #uncovertheunknown

vumetric

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022) https://t.co/acEokKEEnF

avi_lum

We (/OligoSecurity) ran into an advisory by Anyscale, the maintainers of Ray. They have addressed multiple CVEs in Ray recently. Their blog mentioned a disputed vulnerability, known as CVE-2023-48022: https://t.co/fYGc1DFiJ4)