#kinsing — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #kinsing, aggregated by home.social.
-
9 Year-Old PHP Vulnerability Keeps Swinging As One of the Most Targeted Vulnerabilities
CVE-2017-9841, a remote code execution vulnerability in PHPUnit's eval-stdin.php file, remains highly exploited nearly a decade after disclosure. Analysis reveals over 80,000 exploitation attempts detected in 30 days, with 36,500 hits in the last 10 days alone. The vulnerability affects PHPUnit versions prior to 4.8.28 and 5.x before 5.6.3, allowing attackers to execute arbitrary PHP code via POST requests without authentication. Mass-scanning infrastructure targets dozens of framework-specific paths across Laravel, Drupal, Yii, and WordPress installations. Primary attack sources include compromised infrastructure in the UK and US, delivering webshells and botnet payloads. Multiple botnets including RondoDox, Kinsing, KashmirBlack, Sysrv, and Androxgh0st actively exploit this vulnerability. The persistent exploitation stems from developers failing to exclude development dependencies in production environments and exposing vendor directories to web servers.
Pulse ID: 6a0ca36a3571d3fbd4cd92bc
Pulse Link: https://otx.alienvault.com/pulse/6a0ca36a3571d3fbd4cd92bc
Pulse Author: AlienVault
Created: 2026-05-19 17:52:42Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AndroxGh0st #CyberSecurity #InfoSec #Kinsing #OTX #OpenThreatExchange #PHP #RCE #RDP #RemoteCodeExecution #UK #Vulnerability #Word #Wordpress #bot #botnet #developers #AlienVault
-
9 Year-Old PHP Vulnerability Keeps Swinging As One of the Most Targeted Vulnerabilities
CVE-2017-9841, a remote code execution vulnerability in PHPUnit's eval-stdin.php file, remains highly exploited nearly a decade after disclosure. Analysis reveals over 80,000 exploitation attempts detected in 30 days, with 36,500 hits in the last 10 days alone. The vulnerability affects PHPUnit versions prior to 4.8.28 and 5.x before 5.6.3, allowing attackers to execute arbitrary PHP code via POST requests without authentication. Mass-scanning infrastructure targets dozens of framework-specific paths across Laravel, Drupal, Yii, and WordPress installations. Primary attack sources include compromised infrastructure in the UK and US, delivering webshells and botnet payloads. Multiple botnets including RondoDox, Kinsing, KashmirBlack, Sysrv, and Androxgh0st actively exploit this vulnerability. The persistent exploitation stems from developers failing to exclude development dependencies in production environments and exposing vendor directories to web servers.
Pulse ID: 6a0ca36a3571d3fbd4cd92bc
Pulse Link: https://otx.alienvault.com/pulse/6a0ca36a3571d3fbd4cd92bc
Pulse Author: AlienVault
Created: 2026-05-19 17:52:42Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AndroxGh0st #CyberSecurity #InfoSec #Kinsing #OTX #OpenThreatExchange #PHP #RCE #RDP #RemoteCodeExecution #UK #Vulnerability #Word #Wordpress #bot #botnet #developers #AlienVault
-
9 Year-Old PHP Vulnerability Keeps Swinging As One of the Most Targeted Vulnerabilities
CVE-2017-9841, a remote code execution vulnerability in PHPUnit's eval-stdin.php file, remains highly exploited nearly a decade after disclosure. Analysis reveals over 80,000 exploitation attempts detected in 30 days, with 36,500 hits in the last 10 days alone. The vulnerability affects PHPUnit versions prior to 4.8.28 and 5.x before 5.6.3, allowing attackers to execute arbitrary PHP code via POST requests without authentication. Mass-scanning infrastructure targets dozens of framework-specific paths across Laravel, Drupal, Yii, and WordPress installations. Primary attack sources include compromised infrastructure in the UK and US, delivering webshells and botnet payloads. Multiple botnets including RondoDox, Kinsing, KashmirBlack, Sysrv, and Androxgh0st actively exploit this vulnerability. The persistent exploitation stems from developers failing to exclude development dependencies in production environments and exposing vendor directories to web servers.
Pulse ID: 6a0ca36a3571d3fbd4cd92bc
Pulse Link: https://otx.alienvault.com/pulse/6a0ca36a3571d3fbd4cd92bc
Pulse Author: AlienVault
Created: 2026-05-19 17:52:42Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AndroxGh0st #CyberSecurity #InfoSec #Kinsing #OTX #OpenThreatExchange #PHP #RCE #RDP #RemoteCodeExecution #UK #Vulnerability #Word #Wordpress #bot #botnet #developers #AlienVault
-
9 Year-Old PHP Vulnerability Keeps Swinging As One of the Most Targeted Vulnerabilities
CVE-2017-9841, a remote code execution vulnerability in PHPUnit's eval-stdin.php file, remains highly exploited nearly a decade after disclosure. Analysis reveals over 80,000 exploitation attempts detected in 30 days, with 36,500 hits in the last 10 days alone. The vulnerability affects PHPUnit versions prior to 4.8.28 and 5.x before 5.6.3, allowing attackers to execute arbitrary PHP code via POST requests without authentication. Mass-scanning infrastructure targets dozens of framework-specific paths across Laravel, Drupal, Yii, and WordPress installations. Primary attack sources include compromised infrastructure in the UK and US, delivering webshells and botnet payloads. Multiple botnets including RondoDox, Kinsing, KashmirBlack, Sysrv, and Androxgh0st actively exploit this vulnerability. The persistent exploitation stems from developers failing to exclude development dependencies in production environments and exposing vendor directories to web servers.
Pulse ID: 6a0ca36a3571d3fbd4cd92bc
Pulse Link: https://otx.alienvault.com/pulse/6a0ca36a3571d3fbd4cd92bc
Pulse Author: AlienVault
Created: 2026-05-19 17:52:42Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AndroxGh0st #CyberSecurity #InfoSec #Kinsing #OTX #OpenThreatExchange #PHP #RCE #RDP #RemoteCodeExecution #UK #Vulnerability #Word #Wordpress #bot #botnet #developers #AlienVault
-
9 Year-Old PHP Vulnerability Keeps Swinging As One of the Most Targeted Vulnerabilities
CVE-2017-9841, a remote code execution vulnerability in PHPUnit's eval-stdin.php file, remains highly exploited nearly a decade after disclosure. Analysis reveals over 80,000 exploitation attempts detected in 30 days, with 36,500 hits in the last 10 days alone. The vulnerability affects PHPUnit versions prior to 4.8.28 and 5.x before 5.6.3, allowing attackers to execute arbitrary PHP code via POST requests without authentication. Mass-scanning infrastructure targets dozens of framework-specific paths across Laravel, Drupal, Yii, and WordPress installations. Primary attack sources include compromised infrastructure in the UK and US, delivering webshells and botnet payloads. Multiple botnets including RondoDox, Kinsing, KashmirBlack, Sysrv, and Androxgh0st actively exploit this vulnerability. The persistent exploitation stems from developers failing to exclude development dependencies in production environments and exposing vendor directories to web servers.
Pulse ID: 6a0ca36a3571d3fbd4cd92bc
Pulse Link: https://otx.alienvault.com/pulse/6a0ca36a3571d3fbd4cd92bc
Pulse Author: AlienVault
Created: 2026-05-19 17:52:42Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AndroxGh0st #CyberSecurity #InfoSec #Kinsing #OTX #OpenThreatExchange #PHP #RCE #RDP #RemoteCodeExecution #UK #Vulnerability #Word #Wordpress #bot #botnet #developers #AlienVault
-
Нежданные гости: F6 проанализировала первые масштабные атаки группы Kinsing на российские компании
Установить злоумышленников удалось в результате исследования, которое провели аналитики F6 . Весной 2025 года один из клиентов компании зафиксировал попытку кибератаки на свои внешние сервера. Со списком IP-адресов, с которых велась атака, он обратился в департамент киберразведки (Threat Intelligence) компании F6 за атрибуцией.
https://habr.com/ru/companies/F6/articles/935988/
#kinsing #криптоджекинг #майнер #уязвимости #cve #киберразведка #threat_intelligence
-
Good day everyone!
One of my colleagues, Scott Poley, brought this article to my attention during Cyborg Security's "Out of the Woods Podcast" this week and I wanted to share it here as well. This is an article from Aqua Security that covers in-depth the APT group known as #Kinsing. Now, the report is very long and detailed, but what I wanted to highlight was the level of details and the large amount of actionable intel that this report contained. I said it on the podcast and I will repeat it here, this is one of the most complete attacks that I have seen that focuses on the #Linux operating system. I highly recommend reading this when you get the time! Enjoy and Happy Hunting!
Kinsing Demystified: A Comprehensive Technical Guide
https://info.aquasec.com/kinsing-report#CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday Intel 471 #Intel471
-
Kinsing Hacker Group Exploits More Flaws to Expand Botnet for Cryptojacking – Source:thehackernews.com https://ciso2ciso.com/kinsing-hacker-group-exploits-more-flaws-to-expand-botnet-for-cryptojacking-sourcethehackernews-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #TheHackerNews #Kinsing #hacker
-
От падений базы данных до кибератак: история о том, как мы обнаружили взлом
Статья про расследование простого но интересного киберпреступления. От первых незначительных инцидентов до открытия взлома сервера, мы покажем, как расследовали взлом, копаясь в тысячах строк логов.
-
Kinsing, a Linux malware, has a history of focusing on misconfigured containerized environments for cryptocurrency mining, using compromised server resources.
#Cybersecurity #Linux #Malware #Kinsing #Vulnerability #Rootkit
-
Kinsing threat actors probed the Looney Tunables flaws in recent attacks – Source: securityaffairs.com https://ciso2ciso.com/kinsing-threat-actors-probed-the-looney-tunables-flaws-in-recent-attacks-source-securityaffairs-com/ #rssfeedpostgeneratorecho #informationsecuritynews #ITInformationSecurity #SecurityAffairscom #CyberSecurityNews #PierluigiPaganini #SecurityAffairs #SecurityAffairs #LooneyTunables #BreakingNews #cryptomining #CyberCrime #Cybercrime #hacking #Kinsing #LINUX
-
Kinsing threat actors are known for their ability to quickly adapt and capitalize on newly revealed security vulnerabilities.