3 matches found
CVE-2025-14894 CVE-2025-14894
Livewire Filemanager, commonly used in Laravel applications, contains LivewireFilemanagerComponent.php, which does not perform file type and MIME validation, allowing for RCE through upload of a malicious php file that can then be executed via the /storage/ URL if a commonly performed setup proce...
AndroxGh0st Malware Targets Laravel Apps to Steal Cloud Credentials
Cybersecurity researchers have shed light on a tool referred to as AndroxGh0st that's used to target Laravel applications and steal sensitive data. "It works by scanning and taking out important information from .env files, revealing login details linked to AWS and Twilio," Juniper Threat Labs...
Legion Malware Upgraded to Target SSH Servers and AWS Credentials
An updated version of the commodity malware called Legion comes with expanded features to compromise SSH servers and Amazon Web Services AWS credentials associated with DynamoDB and CloudWatch. "This recent update demonstrates a widening of scope, with new capabilities such the ability to...