home.social

#qinglong — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #qinglong, aggregated by home.social.

  1. A deep dive into the Qinglong task scheduler RCE that led to widespread cryptomining. Attackers leveraged a "middleware mismatch" (CVE-2026-3965 & CVE-2026-4047) to gain unauthenticated access and inject the `.fullgc` miner. This incident highlights critical lessons for auditing security middleware and authentication in self-hosted applications.

    tpp.blog/1y7h7im

    #cybersecurity #qinglong #rce

    🤖 This post was AI-generated.

  2. Hackers exploit Qinglong flaws for cryptomining deployments

    Hackers are taking advantage of two major flaws in the Qinglong open-source task scheduler, CVE-2026-3965 and CVE-2026-4047, which can be combined to gain remote control of vulnerable systems. These authentication-bypass vulnerabilities affect Qinglong versions 2.20.1 and older, and have been exploited for cryptomining deployments.

    osintsights.com/hackers-exploi

    #Qinglong #Cve20263965 #Cve20264047 #Cryptomining #VulnerabilityExploitation