Lucene search
K

19 matches found

Microsoft Secure
Microsoft Secure
added 2025/12/15 7:35 p.m.12 views

Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components

CVE-2025-55182 also referred to as React2Shell and includes CVE-2025-66478, which was merged into it is a critical pre-authentication remote code execution RCE vulnerability affecting React Server Components, Next.js, and related frameworks. With a CVSS score of 10.0, this vulnerability could all...

10CVSS8.6AI score0.99562EPSS
Exploits388
The Hacker News
The Hacker News
added 2023/07/27 10:46 a.m.66 views

Hackers Target Apache Tomcat Servers for Mirai Botnet and Crypto Mining

Misconfigured and poorly secured Apache Tomcat servers are being targeted as part of a new campaign designed to deliver the Mirai botnet malware and cryptocurrency miners. The findings come courtesy of Aqua, which detected more than 800 attacks against its Tomcat server honeypots over a two-year...

8AI score
Exploits0
ThreatPost
ThreatPost
added 2022/04/27 12:11 p.m.80 views

Millions of Java Apps Remain Vulnerable to Log4Shell

Four months after the discovery of the zero-day Log4Shell critical flaw, millions of Java applications still remain vulnerable to compromise, researchers have found. Rezilion expected that due to the “massive amount of media coverage” the bug unsurprisingly received, the majority of applications...

7.1AI score
Exploits0References9
Rapid7 Blog
Rapid7 Blog
added 2022/04/22 9:3 p.m.145 views

Opportunistic Exploitation of WSO2 CVE-2022-29464

On April 18, 2022, MITRE published CVE-2022-29464 , an unrestricted file upload vulnerability affecting various WSO2 products. WSO2 followed with a security advisory explaining the vulnerability allowed unauthenticated and remote attackers to execute arbitrary code in the following products: API...

10CVSS9.8AI score0.99999EPSS
Exploits22
ThreatPost
ThreatPost
added 2022/01/04 10:49 p.m.111 views

Microsoft Sees Rampant Log4j Exploit Attempts, Testing

No surprise here: The holidays bought no Log4Shell relief. Threat actors vigorously launched exploit attempts and testing during the last weeks of December, Microsoft said on Monday, in the latest update to its landing page and guidance around the flaws in Apache’s Log4j logging library. “We have...

10CVSS10AI score0.99999EPSS
Exploits356References22
hivepro
hivepro
added 2021/12/07 1:24 p.m.453 views

BlackByte ransomware exploits Microsoft Servers ProxyShell Vulnerabilities

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. BlackByte ransomware is targeting organizations with unpatched ProxyShell vulnerabilities. Proxy Shell was addressed by hive pro threat researcher in the previous advisory released on August 24. ProxyShell is a combination of...

10CVSS0.9AI score0.99999EPSS
Exploits18
Rapid7 Blog
Rapid7 Blog
added 2021/11/09 4:59 p.m.158 views

Opportunistic Exploitation of Zoho ManageEngine and Sitecore CVEs

Over the weekend of November 6, 2021, Rapid7’s Incident Response IR and Managed Detection and Response MDR teams began seeing opportunistic exploitation of two unrelated CVEs: CVE-2021-40539, a REST API authentication bypass in Zoho’s ManageEngine ADSelfService Plus product that Rapid7 has...

10CVSS9.8AI score0.9896EPSS
Exploits12
Microsoft Secure
Microsoft Secure
added 2021/09/27 5:0 p.m.27 views

A guide to combatting human-operated ransomware: Part 2

This blog is part two of a two-part series focused on how Microsoft DART helps customers with human-operated ransomware. For more guidance on human-operated ransomware and how to defend against these extortion-based attacks, refer to our human-operated ransomware docs page. In part one of this bl...

7.1AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2021/09/07 12:0 a.m.127 views

CVE-2021-40539

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API authentication bypass with resultant remote code execution. Recent assessments: ccondon-r7 at November 08, 2021 3:18pm UTC reported: Rapid7’s services teams are observing opportunistic exploitation of this...

9.8CVSS9.9AI score0.9896EPSS
In wildExploits8References4
Rapid7 Blog
Rapid7 Blog
added 2021/09/02 3:44 p.m.181 views

Active Exploitation of Confluence Server & Confluence Data Center: CVE-2021-26084

This attack is ongoing. See the Updates section at the end of this post for new information as it comes to light. On August 25, 2021, Atlassian published details on CVE-2021-26084, a critical remote code execution vulnerability in Confluence Server and Confluence Data Center. The vulnerability...

7.5CVSS0.3AI score0.99999EPSS
Exploits45
The Hacker News
The Hacker News
added 2021/08/23 1:27 p.m.438 views

Top 15 Vulnerabilities Attackers Exploited Millions of Times to Hack Linux Systems

Close to 14 million Linux-based systems are directly exposed to the Internet, making them a lucrative target for an array of real-world attacks that could result in the deployment of malicious web shells, coin miners, ransomware, and other trojans. That's according to an in-depth look at the Linu...

10CVSS9.4AI score0.99999EPSS
Exploits247
Microsoft Secure
Microsoft Secure
added 2021/07/29 7:0 p.m.423 views

When coin miners evolve, Part 2: Hunting down LemonDuck and LemonCat attacks

Note: In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covered the evolution of the threat, how it spreads, and how it impacts organizations. Part 2 provides a deep dive on the attacker...

10CVSS0.5AI score0.99999EPSS
Exploits384
Microsoft Secure
Microsoft Secure
added 2021/07/22 4:0 p.m.473 views

When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure

Note: In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covers the evolution of the threat, how it spreads, and how it impacts organizations. Part 2 is a deep dive on the attacker behavi...

10CVSS9.2AI score0.99999EPSS
Exploits385
Microsoft Malware Protection
Microsoft Malware Protection
added 2021/07/22 4:0 p.m.451 views

When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure

Note: In this two-part blog series, we expose a modern malware infrastructure and provide guidance for protecting against the wide range of threats it enables. Part 1 covers the evolution of the threat, how it spreads, and how it impacts organizations. Part 2 is a deep dive on the attacker behavi...

10CVSS9.2AI score0.99999EPSS
Exploits385
The Hacker News
The Hacker News
added 2020/12/01 8:54 a.m.42 views

Nation-State Hackers Caught Hiding Espionage Activities Behind Crypto Miners

A nation-state actor known for its cyber espionage campaigns since 2012 is now using coin miner techniques to stay under the radar and establish persistence on victim systems, according to new research. Attributing the shift to a threat actor tracked as Bismuth, Microsoft's Microsoft 365 Defender...

0.2AI score
Exploits0
Microsoft Malware Protection
Microsoft Malware Protection
added 2020/11/30 10:30 p.m.79 views

Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them

Cryptocurrency miners are typically associated with cybercriminal operations, not sophisticated nation state actor activity. They are not the most sophisticated type of threats, which also means that they are not among the most critical security issues that defenders address with urgency. Recent...

8.4AI score
Exploits0
FireEye
FireEye
added 2020/01/24 5:0 p.m.347 views

Nice Try: 501 (Ransomware) Not Implemented

An Ever-Evolving Threat Since January 10, 2020, FireEye has tracked extensive global exploitation of CVE-2019-19781, which continues to impact Citrix ADC and Gateway instances that are unpatched or do not have mitigations applied. We previously reported on attackers’ swift attempts to exploit thi...

7.5CVSS9.9AI score0.99999EPSS
Exploits48References11
Microsoft Secure
Microsoft Secure
added 2018/07/26 1:0 p.m.28 views

Attack inception: Compromised supply chain within a supply chain poses new risks

A new software supply chain attack unearthed by Windows Defender Advanced Threat Protection Windows Defender ATP emerged as an unusual multi-tier case. Unknown attackers compromised the shared infrastructure in place between the vendor of a PDF editor application and one of its software vendor...

0.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/07/03 3:0 p.m.96 views

Obfuscated Coinhive shortlink reveals larger mining operation

During the past several months, in-browser mining has continued to affect a large number of websites, predominantly relying on Coinhive's infamous API. We documented several campaigns on this blog, in particular Drupalgeddon, where attackers are taking advantage of vulnerabilities in popular...

Exploits0
Rows per page
Query Builder