#remotecodeexecution — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #remotecodeexecution, aggregated by home.social.

  1. Honeypot reveals botnet exploiting scriptText to launch DDoS attacks on game servers

    Analysts observed attackers exploiting a Jenkins honeypot to deploy a new DDoS botnet targeting video game servers. Leveraging Jenkins scriptText abuse, the threat actors achieved remote code execution by sending malicious Groovy scripts to intentionally misconfigured instances with weak passwords. The multi-platform payload targets both Windows and Linux systems, deploying malware that evades detection through process renaming and daemonization. The botnet supports multiple attack vectors including UDP floods, TCP attacks, HTTP requests, and game-specific techniques targeting Valve Source Engine servers. Infrastructure hosted in Vietnam serves dual purposes for payload distribution and command-and-control communications. The campaign demonstrates continued opportunistic exploitation of internet-facing services, with gaming industry servers being primary targets for distributed denial-of-service attacks.

    Pulse ID: 6a0199674dd4cf450633dd32
    Pulse Link: otx.alienvault.com/pulse/6a019
    Pulse Author: AlienVault
    Created: 2026-05-11 08:55:03

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #DDoS #DoS #HTTP #HoneyPot #InfoSec #Linux #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #RCE #RemoteCodeExecution #TCP #UDP #Vietnam #Windows #Word #bot #botnet #AlienVault

  6. Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution

    Pulse ID: 6a01600647e7bc7fee6485d3
    Pulse Link: otx.alienvault.com/pulse/6a016
    Pulse Author: Tr1sa111
    Created: 2026-05-11 04:50:14

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #InfoSec #OTX #OpenThreatExchange #RemoteCodeExecution #ZeroDay #bot #Tr1sa111

  7. Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution

    A buffer overflow vulnerability in the User-ID Authentication Portal of PAN-OS software allows unauthenticated attackers to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls. Limited exploitation has been observed starting April 9, 2026, by a likely state-sponsored threat cluster. Attackers successfully achieved remote code execution by injecting shellcode into nginx worker processes. Post-exploitation activities included deployment of EarthWorm and ReverseSocks5 tunneling tools, Active Directory enumeration using compromised firewall credentials, and systematic log destruction to evade detection. The attackers demonstrated operational discipline with intermittent interactive sessions over multiple weeks, using open-source tools instead of proprietary malware to minimize detection. The vulnerability poses elevated risk when the portal is exposed to untrusted networks or the public internet.

    Pulse ID: 69fc45baaffc99649cda5385
    Pulse Link: otx.alienvault.com/pulse/69fc4
    Pulse Author: AlienVault
    Created: 2026-05-07 07:56:42

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #InfoSec #Malware #Nginx #Nim #OTX #OpenThreatExchange #RAT #RCE #RemoteCodeExecution #Rust #ShellCode #Vulnerability #Worm #ZeroDay #bot #socks5 #AlienVault

  12. Anthropic's AI Tool Exposes to One-Click Remote Code Execution Risk

    A single click on Claude Code's generic dialog can unleash a major security risk, allowing an unsandboxed Node.js process to spawn with full user privileges. This vulnerability can be exploited using just two common JSON files, putting developers at risk of one-click remote code execution.

    osintsights.com/anthropics-ai-

    #RemoteCodeExecution #AiSecurity #Nodejs #ModelContextProtocol #OneclickExploit

  13. Uptick in Bomgar RMM Exploitation

    Since early April 2026, security researchers have observed a significant increase in attacks targeting Bomgar remote monitoring and management instances, exploiting CVE-2026-1731, a critical vulnerability disclosed in February. Threat actors have compromised Bomgar RMM to target downstream customers of MSPs and other service providers, affecting over 78 businesses in one incident alone. Attackers deploy LockBit ransomware, create privileged administrator accounts for persistence, install additional remote access tools like AnyDesk and ScreenConnect, and conduct domain reconnaissance. Some incidents involved attempts to disable security tools using BYOVD techniques. The attacks primarily target organizations running outdated Bomgar versions vulnerable to remote code execution, with compromised instances belonging to dental software companies and MSPs enabling widespread impact across their customer bases.

    Pulse ID: 69e2bfe152d44136b3c83ec3
    Pulse Link: otx.alienvault.com/pulse/69e2b
    Pulse Author: AlienVault
    Created: 2026-04-17 23:18:57

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #AnyDesk #CyberSecurity #InfoSec #LockBit #OTX #OpenThreatExchange #RAT #RansomWare #RemoteCodeExecution #ScreenConnect #Vulnerability #bot #AlienVault

  14. Articles laud a particular team at a #dotCon for finding vulnerabilities in a #modem.

    The funny thing is the #vulnerability appears to be in the #firmware and not the modem per se. The firmware is likely #proprietary, so this is *not* the great success story for the dotCon as the #securityTheatre-hungry talking heads may suggest.

    Modems will be safer when they are fully #FOSS.

    #routerFreedom #modemFreedom #RCE #gooGlE #remoteCodeExecution