home.social

#kinsing — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #kinsing, aggregated by home.social.

  1. 9 Year-Old PHP Vulnerability Keeps Swinging As One of the Most Targeted Vulnerabilities

    CVE-2017-9841, a remote code execution vulnerability in PHPUnit's eval-stdin.php file, remains highly exploited nearly a decade after disclosure. Analysis reveals over 80,000 exploitation attempts detected in 30 days, with 36,500 hits in the last 10 days alone. The vulnerability affects PHPUnit versions prior to 4.8.28 and 5.x before 5.6.3, allowing attackers to execute arbitrary PHP code via POST requests without authentication. Mass-scanning infrastructure targets dozens of framework-specific paths across Laravel, Drupal, Yii, and WordPress installations. Primary attack sources include compromised infrastructure in the UK and US, delivering webshells and botnet payloads. Multiple botnets including RondoDox, Kinsing, KashmirBlack, Sysrv, and Androxgh0st actively exploit this vulnerability. The persistent exploitation stems from developers failing to exclude development dependencies in production environments and exposing vendor directories to web servers.

    Pulse ID: 6a0ca36a3571d3fbd4cd92bc
    Pulse Link: otx.alienvault.com/pulse/6a0ca
    Pulse Author: AlienVault
    Created: 2026-05-19 17:52:42

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #AndroxGh0st #CyberSecurity #InfoSec #Kinsing #OTX #OpenThreatExchange #PHP #RCE #RDP #RemoteCodeExecution #UK #Vulnerability #Word #Wordpress #bot #botnet #developers #AlienVault

  2. 9 Year-Old PHP Vulnerability Keeps Swinging As One of the Most Targeted Vulnerabilities

    CVE-2017-9841, a remote code execution vulnerability in PHPUnit's eval-stdin.php file, remains highly exploited nearly a decade after disclosure. Analysis reveals over 80,000 exploitation attempts detected in 30 days, with 36,500 hits in the last 10 days alone. The vulnerability affects PHPUnit versions prior to 4.8.28 and 5.x before 5.6.3, allowing attackers to execute arbitrary PHP code via POST requests without authentication. Mass-scanning infrastructure targets dozens of framework-specific paths across Laravel, Drupal, Yii, and WordPress installations. Primary attack sources include compromised infrastructure in the UK and US, delivering webshells and botnet payloads. Multiple botnets including RondoDox, Kinsing, KashmirBlack, Sysrv, and Androxgh0st actively exploit this vulnerability. The persistent exploitation stems from developers failing to exclude development dependencies in production environments and exposing vendor directories to web servers.

    Pulse ID: 6a0ca36a3571d3fbd4cd92bc
    Pulse Link: otx.alienvault.com/pulse/6a0ca
    Pulse Author: AlienVault
    Created: 2026-05-19 17:52:42

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #AndroxGh0st #CyberSecurity #InfoSec #Kinsing #OTX #OpenThreatExchange #PHP #RCE #RDP #RemoteCodeExecution #UK #Vulnerability #Word #Wordpress #bot #botnet #developers #AlienVault

  3. 9 Year-Old PHP Vulnerability Keeps Swinging As One of the Most Targeted Vulnerabilities

    CVE-2017-9841, a remote code execution vulnerability in PHPUnit's eval-stdin.php file, remains highly exploited nearly a decade after disclosure. Analysis reveals over 80,000 exploitation attempts detected in 30 days, with 36,500 hits in the last 10 days alone. The vulnerability affects PHPUnit versions prior to 4.8.28 and 5.x before 5.6.3, allowing attackers to execute arbitrary PHP code via POST requests without authentication. Mass-scanning infrastructure targets dozens of framework-specific paths across Laravel, Drupal, Yii, and WordPress installations. Primary attack sources include compromised infrastructure in the UK and US, delivering webshells and botnet payloads. Multiple botnets including RondoDox, Kinsing, KashmirBlack, Sysrv, and Androxgh0st actively exploit this vulnerability. The persistent exploitation stems from developers failing to exclude development dependencies in production environments and exposing vendor directories to web servers.

    Pulse ID: 6a0ca36a3571d3fbd4cd92bc
    Pulse Link: otx.alienvault.com/pulse/6a0ca
    Pulse Author: AlienVault
    Created: 2026-05-19 17:52:42

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #AndroxGh0st #CyberSecurity #InfoSec #Kinsing #OTX #OpenThreatExchange #PHP #RCE #RDP #RemoteCodeExecution #UK #Vulnerability #Word #Wordpress #bot #botnet #developers #AlienVault

  4. 9 Year-Old PHP Vulnerability Keeps Swinging As One of the Most Targeted Vulnerabilities

    CVE-2017-9841, a remote code execution vulnerability in PHPUnit's eval-stdin.php file, remains highly exploited nearly a decade after disclosure. Analysis reveals over 80,000 exploitation attempts detected in 30 days, with 36,500 hits in the last 10 days alone. The vulnerability affects PHPUnit versions prior to 4.8.28 and 5.x before 5.6.3, allowing attackers to execute arbitrary PHP code via POST requests without authentication. Mass-scanning infrastructure targets dozens of framework-specific paths across Laravel, Drupal, Yii, and WordPress installations. Primary attack sources include compromised infrastructure in the UK and US, delivering webshells and botnet payloads. Multiple botnets including RondoDox, Kinsing, KashmirBlack, Sysrv, and Androxgh0st actively exploit this vulnerability. The persistent exploitation stems from developers failing to exclude development dependencies in production environments and exposing vendor directories to web servers.

    Pulse ID: 6a0ca36a3571d3fbd4cd92bc
    Pulse Link: otx.alienvault.com/pulse/6a0ca
    Pulse Author: AlienVault
    Created: 2026-05-19 17:52:42

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #AndroxGh0st #CyberSecurity #InfoSec #Kinsing #OTX #OpenThreatExchange #PHP #RCE #RDP #RemoteCodeExecution #UK #Vulnerability #Word #Wordpress #bot #botnet #developers #AlienVault

  5. 9 Year-Old PHP Vulnerability Keeps Swinging As One of the Most Targeted Vulnerabilities

    CVE-2017-9841, a remote code execution vulnerability in PHPUnit's eval-stdin.php file, remains highly exploited nearly a decade after disclosure. Analysis reveals over 80,000 exploitation attempts detected in 30 days, with 36,500 hits in the last 10 days alone. The vulnerability affects PHPUnit versions prior to 4.8.28 and 5.x before 5.6.3, allowing attackers to execute arbitrary PHP code via POST requests without authentication. Mass-scanning infrastructure targets dozens of framework-specific paths across Laravel, Drupal, Yii, and WordPress installations. Primary attack sources include compromised infrastructure in the UK and US, delivering webshells and botnet payloads. Multiple botnets including RondoDox, Kinsing, KashmirBlack, Sysrv, and Androxgh0st actively exploit this vulnerability. The persistent exploitation stems from developers failing to exclude development dependencies in production environments and exposing vendor directories to web servers.

    Pulse ID: 6a0ca36a3571d3fbd4cd92bc
    Pulse Link: otx.alienvault.com/pulse/6a0ca
    Pulse Author: AlienVault
    Created: 2026-05-19 17:52:42

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #AndroxGh0st #CyberSecurity #InfoSec #Kinsing #OTX #OpenThreatExchange #PHP #RCE #RDP #RemoteCodeExecution #UK #Vulnerability #Word #Wordpress #bot #botnet #developers #AlienVault

  6. Нежданные гости: F6 проанализировала первые масштабные атаки группы Kinsing на российские компании

    Установить злоумышленников удалось в результате исследования, которое провели аналитики F6 . Весной 2025 года один из клиентов компании зафиксировал попытку кибератаки на свои внешние сервера. Со списком IP-адресов, с которых велась атака, он обратился в департамент киберразведки (Threat Intelligence) компании F6 за атрибуцией.

    habr.com/ru/companies/F6/artic

    #kinsing #криптоджекинг #майнер #уязвимости #cve #киберразведка #threat_intelligence

  7. Good day everyone!

    One of my colleagues, Scott Poley, brought this article to my attention during Cyborg Security's "Out of the Woods Podcast" this week and I wanted to share it here as well. This is an article from Aqua Security that covers in-depth the APT group known as #Kinsing. Now, the report is very long and detailed, but what I wanted to highlight was the level of details and the large amount of actionable intel that this report contained. I said it on the podcast and I will repeat it here, this is one of the most complete attacks that I have seen that focuses on the #Linux operating system. I highly recommend reading this when you get the time! Enjoy and Happy Hunting!

    Kinsing Demystified: A Comprehensive Technical Guide
    info.aquasec.com/kinsing-repor

    #CyberSecurity #ITSecurity #InfoSec #BlueTeam #ThreatIntel #ThreatHunting #ThreatDetection #HappyHunting #readoftheday Intel 471 #Intel471

  8. От падений базы данных до кибератак: история о том, как мы обнаружили взлом

    Статья про расследование простого но интересного киберпреступления. От первых незначительных инцидентов до открытия взлома сервера, мы покажем, как расследовали взлом, копаясь в тысячах строк логов.

    habr.com/ru/articles/810591/

    #Linux #Docker #Kinsing #postgresql #взлом #хакерство

  9. > Set up a #Docker based server for the first time.
    > Immediately slapped with the #kinsing miner.

    Quality software, folks.