#remotecodeexecution — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #remotecodeexecution, aggregated by home.social.
-
Exploitation of KnowledgeDeliver via ViewState Deserialization Vulnerability
In late 2025, an unknown threat actor exploited a critical zero-day vulnerability in KnowledgeDeliver, a Learning Management System widely used in Japan. The vulnerability, tracked as CVE-2026-5426, allowed unauthenticated remote code execution through ViewState deserialization attacks. The issue stemmed from identical hardcoded ASP.NET machine keys distributed across multiple customer deployments in the vendor's configuration files. Attackers obtained these keys from one deployment and used them to compromise other internet-facing instances. Following initial access, threat actors deployed the BLUEBEAM in-memory web shell, modified JavaScript files to display fake security alerts, and tricked users into installing malicious software that delivered Cobalt Strike BEACON backdoors. The attack demonstrates the severe risks of shared secrets in deployment templates and highlights the importance of unique cryptographic keys per installation.
Pulse ID: 6a140384686e44f07358066d
Pulse Link: https://otx.alienvault.com/pulse/6a140384686e44f07358066d
Pulse Author: AlienVault
Created: 2026-05-25 08:08:36
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #CobaltStrike #CyberSecurity #Edge #InfoSec #Japan #Java #JavaScript #Mac #NET #OTX #OpenThreatExchange #RAT #RemoteCodeExecution #Vulnerability #ZeroDay #bot #AlienVault
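The root cause in the pulse above is a vendor template that shipped the same ASP.NET machineKey to every customer, so a ViewState forged with one customer's key validates on all of them. The defender's check is to confirm that no two deployments you operate share a machineKey and that none still carries a template value. The script below is an added example, not code from the vendor, the pulse author or the OTX post: it parses several web.config documents, fingerprints the validationKey/decryptionKey pair, and reports pairs used by more than one deployment. The four web.config documents and all key values are constructed placeholders; the deployment names are assumptions.

```python
"""Audit ASP.NET web.config files for machineKey values shared across deployments.

Added example (not the vendor's or the OTX pulse's code). SAMPLE_CONFIGS is
constructed input: every key string below is a placeholder, not a real key.
"""
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample: two deployments inherited the same template key, one has a
# per-install key, and one has no explicit machineKey element at all.
SAMPLE_CONFIGS = {
    "customer-a": (
        '<configuration><system.web>'
        '<machineKey validationKey="PLACEHOLDER-TEMPLATE-VALIDATION-KEY" '
        'decryptionKey="PLACEHOLDER-TEMPLATE-DECRYPTION-KEY" '
        'validation="HMACSHA256" decryption="AES" />'
        '</system.web></configuration>'
    ),
    "customer-b": (
        '<configuration><system.web>'
        '<machineKey validationKey="PLACEHOLDER-TEMPLATE-VALIDATION-KEY" '
        'decryptionKey="PLACEHOLDER-TEMPLATE-DECRYPTION-KEY" '
        'validation="HMACSHA256" decryption="AES" />'
        '</system.web></configuration>'
    ),
    "customer-c": (
        '<configuration><system.web>'
        '<machineKey validationKey="PLACEHOLDER-UNIQUE-VALIDATION-KEY-C" '
        'decryptionKey="PLACEHOLDER-UNIQUE-DECRYPTION-KEY-C" '
        'validation="HMACSHA256" decryption="AES" />'
        '</system.web></configuration>'
    ),
    "customer-d": '<configuration><system.web/></configuration>',
}


def extract_machine_key(config_xml):
    """Return (validationKey, decryptionKey), or None when ASP.NET auto-generates them.

    A missing <machineKey> element or explicit AutoGenerate values means the key is
    generated per machine, so it cannot be shared with another deployment.
    """
    root = ET.fromstring(config_xml)
    elem = next(root.iter("machineKey"), None)
    if elem is None:
        return None
    vk = elem.get("validationKey", "AutoGenerate,IsolateApps")
    dk = elem.get("decryptionKey", "AutoGenerate,IsolateApps")
    if vk.startswith("AutoGenerate") and dk.startswith("AutoGenerate"):
        return None
    return vk, dk


def key_fingerprint(vk, dk):
    """Short hash of the key pair so reports never print the key material itself."""
    return hashlib.sha256(f"{vk}|{dk}".encode()).hexdigest()[:12]


def find_shared_machine_keys(configs):
    """Map fingerprint -> sorted deployment names, for key pairs used by more than one deployment."""
    seen = {}
    for name, xml in configs.items():
        keys = extract_machine_key(xml)
        if keys is None:
            continue
        seen.setdefault(key_fingerprint(*keys), []).append(name)
    return {fp: sorted(names) for fp, names in seen.items() if len(names) > 1}


def audit(configs):
    """Human-readable findings: shared keys first, then deployments relying on auto-generation."""
    findings = []
    for fp, names in find_shared_machine_keys(configs).items():
        findings.append(
            f"SHARED machineKey {fp} across {', '.join(names)}: rotate to per-install keys"
        )
    for name, xml in configs.items():
        if extract_machine_key(xml) is None:
            findings.append(
                f"{name}: machineKey auto-generated (fine for one server; "
                f"a web farm needs an explicit key that is unique to that farm)"
            )
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_CONFIGS):
        print(line)
```

Run it against the real web.config files collected from each host (read them into the dict in place of SAMPLE_CONFIGS); a non-empty result from find_shared_machine_keys is the condition the pulse describes and should trigger key rotation on every deployment in the list, since a key that leaked from any one of them is usable against the rest.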
-
Laravel Lang Compromised with RCE Backdoor Across 700+ Versions
Community-maintained Laravel Lang packages were compromised with remote code execution backdoors affecting over 700 versions across multiple repositories including laravel-lang/lang, laravel-lang/http-statuses, laravel-lang/attributes, and laravel-lang/actions. The attack involved coordinated rapid tag publishing on May 22-23, 2026, suggesting organization-level credential compromise. A malicious helpers.php file was automatically executed via Composer's autoloader, deploying a sophisticated cross-platform information stealer. The second-stage payload systematically harvested credentials from cloud infrastructure, Kubernetes, CI/CD systems, browsers, password managers, cryptocurrency wallets, VPN clients, and local configurations. Stolen data was encrypted and exfiltrated to a command-and-control server. The backdoor employed advanced evasion techniques including TLS verification bypass, per-host execution markers, and embedded Windows executables to bypass Chrome encryption protections.
Pulse ID: 6a1187d92cdbfd79095008cd
Pulse Link: https://otx.alienvault.com/pulse/6a1187d92cdbfd79095008cd
Pulse Author: AlienVault
Created: 2026-05-23 10:56:25
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #Browser #Chrome #Cloud #CyberSecurity #Encryption #HTTP #InfoSec #OTX #OpenThreatExchange #PHP #Password #RAT #RCE #RemoteCodeExecution #TLS #VPN #Windows #Word #bot #cryptocurrency #AlienVault
-
From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence
A sophisticated multi-stage intrusion began with the compromise of an internet-facing F5 BIG-IP load balancer running an end-of-life version. The threat actor established SSH access to a Linux server using privileged credentials, then conducted extensive reconnaissance including network scanning with Nmap and service enumeration with gowitness. Following horizontal and vertical scanning operations, the actor identified and compromised an unpatched internal Atlassian Confluence server via remote code execution. Credentials extracted from Confluence configuration files were subsequently used to attempt Kerberos relay attacks against Active Directory infrastructure and exploit CVE-2025-33073. The incident demonstrates how edge device compromises enable lateral movement across hybrid environments, bypassing traditional security controls through trusted relationships and exploiting insufficient monitoring of non-Windows systems and internal applications.
Pulse ID: 6a10949191ce7d3c3f2f8105
Pulse Link: https://otx.alienvault.com/pulse/6a10949191ce7d3c3f2f8105
Pulse Author: AlienVault
Created: 2026-05-22 17:38:25
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Atlassian #Confluence #CyberSecurity #Edge #InfoSec #Linux #OTX #OpenThreatExchange #RAT #RemoteCodeExecution #Rust #SSH #Windows #bot #AlienVault
-
Laravel-Lang Supply Chain Attack Enables Remote Code Execution
Pulse ID: 6a123448b3721c8f8883af50
Pulse Link: https://otx.alienvault.com/pulse/6a123448b3721c8f8883af50
Pulse Author: cryptocti
Created: 2026-05-23 23:12:08
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #InfoSec #OTX #OpenThreatExchange #RemoteCodeExecution #SupplyChain #bot #cryptocti
-
🚨 A compromise affecting the community-maintained Laravel Lang project introduced remote code execution backdoors across multiple packages, including:
- Laravel-Lang/lang
- Laravel-Lang/http-statuses
- Laravel-Lang/actions
- Laravel-Lang/attributes
All tags were rewritten pointing to malicious commits
https://github.com/Laravel-Lang/lang/issues/8295
https://github.com/Laravel-Lang/common/issues/257
https://www.stepsecurity.io/blog/laravel-lang-supply-chain-attack
https://socket.dev/blog/laravel-lang-compromise
#PHP #Laravel #SupplyChainAttack #RemoteCodeExecution #RCE #Packagist
-
#Google has accidentally leaked details about an unfixed issue in #Chromium that keeps #JavaScript running in the background even when the browser is closed, allowing #remotecodeexecution on the device.
An attacker could #exploit the problem to create a malicious webpage with a Service Worker, such as a download task, that never terminates. Rebane says that this could allow an attacker to execute JavaScript code on the visitors' devices.
https://www.bleepingcomputer.com/news/security/google-accidentally-exposed-details-of-unfixed-chromium-flaw/ #RCE
-
The Worm That Keeps on Digging: Latest Wave
A sophisticated supply chain campaign targeting the open source developer ecosystem has emerged, compromising NPM packages in the @antv namespace, GitHub Actions including actions-cool/issues-helper, and the VSCode extension nrwl.angular-console. The malware initiates multi-stage infection chains using GitHub-hosted infrastructure and orphaned commits to deploy payloads via bun. It harvests extensive credentials including GitHub tokens, SSH keys, cloud credentials, and browser secrets, exfiltrating data through attacker-controlled public GitHub repositories. The campaign establishes persistence through a Python backdoor that polls GitHub for signed commands containing specific trigger strings, enabling remote code execution. Infrastructure analysis and operational patterns indicate moderate confidence attribution to the threat actor TeamPCP.
Pulse ID: 6a0c5b666ccb232590e33087
Pulse Link: https://otx.alienvault.com/pulse/6a0c5b666ccb232590e33087
Pulse Author: AlienVault
Created: 2026-05-19 12:45:26
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#BackDoor #Browser #Cloud #CyberSecurity #GitHub #InfoSec #Malware #NPM #OTX #OpenThreatExchange #Python #RAT #RCE #RemoteCodeExecution #SSH #SupplyChain #Troll #Worm #bot #AlienVault
-
Drupal Flaw Exposes PostgreSQL Sites to Remote Code Execution Attacks
A vulnerability in Drupal Core's database abstraction API leaves PostgreSQL sites open to devastating SQL injection attacks, allowing hackers to send malicious requests and wreak havoc. This highly critical flaw, tracked as CVE-2026-9082, has been patched with urgent security updates.
#SqlInjection #RemoteCodeExecution #Postgresql #Drupal #Cve20269082
-
9 Year-Old PHP Vulnerability Keeps Swinging As One of the Most Targeted Vulnerabilities
CVE-2017-9841, a remote code execution vulnerability in PHPUnit's eval-stdin.php file, remains highly exploited nearly a decade after disclosure. Analysis reveals over 80,000 exploitation attempts detected in 30 days, with 36,500 hits in the last 10 days alone. The vulnerability affects PHPUnit versions prior to 4.8.28 and 5.x before 5.6.3, allowing attackers to execute arbitrary PHP code via POST requests without authentication. Mass-scanning infrastructure targets dozens of framework-specific paths across Laravel, Drupal, Yii, and WordPress installations. Primary attack sources include compromised infrastructure in the UK and US, delivering webshells and botnet payloads. Multiple botnets including RondoDox, Kinsing, KashmirBlack, Sysrv, and Androxgh0st actively exploit this vulnerability. The persistent exploitation stems from developers failing to exclude development dependencies in production environments and exposing vendor directories to web servers.
Pulse ID: 6a0ca36a3571d3fbd4cd92bc
Pulse Link: https://otx.alienvault.com/pulse/6a0ca36a3571d3fbd4cd92bc
Pulse Author: AlienVault
Created: 2026-05-19 17:52:42
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AndroxGh0st #CyberSecurity #InfoSec #Kinsing #OTX #OpenThreatExchange #PHP #RCE #RDP #RemoteCodeExecution #UK #Vulnerability #Word #Wordpress #bot #botnet #developers #AlienVault
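Two of the posts on this page come down to Composer vendor hygiene: the Laravel Lang compromise ran a helpers.php automatically because Composer's autoloader executes every file a package lists under autoload "files" on each request, and the PHPUnit eval-stdin.php exposure persists because dev-only packages are installed in production and the vendor directory sits inside the web root. The script below is an added example, not code from the pulse authors, Laravel Lang, PHPUnit or Composer: it reads the vendor/composer/installed.json that Composer 2 writes, lists dev packages present in the install, lists packages that declare autoload "files" outside an allowlist, and checks whether the vendor directory lies under the document root. INSTALLED_JSON is a constructed sample in that file's layout (the package named example-vendor/translations and every version string are constructed), and EXPECTED_AUTOLOAD_FILES is an assumed allowlist you would maintain per project.

```python
"""Audit a Composer install for auto-executed autoload files and dev packages in production.

Added example, not code from any project named on this page. INSTALLED_JSON is a
constructed sample in the layout of Composer 2's vendor/composer/installed.json.
"""
import json
from pathlib import PurePosixPath

INSTALLED_JSON = json.dumps({
    "packages": [
        # Framework helpers are a legitimate, expected autoload "files" entry.
        {"name": "laravel/framework", "version": "v11.0.0",
         "autoload": {"files": ["src/Illuminate/Support/helpers.php"],
                      "psr-4": {"Illuminate\\": "src/Illuminate/"}}},
        # Constructed package: a translation bundle that suddenly ships a helpers.php
        # executed on every request, the pattern described in the Laravel Lang posts.
        {"name": "example-vendor/translations", "version": "15.0.0",
         "autoload": {"files": ["src/helpers.php"],
                      "psr-4": {"ExampleVendor\\": "src/"}}},
        # Dev-only package that should not exist in a production install.
        {"name": "phpunit/phpunit", "version": "9.6.0",
         "autoload": {"psr-4": {"PHPUnit\\": "src/"}}},
        {"name": "monolog/monolog", "version": "3.5.0",
         "autoload": {"psr-4": {"Monolog\\": "src/Monolog/"}}},
    ],
    "dev": True,                               # Composer writes false for --no-dev installs
    "dev-package-names": ["phpunit/phpunit"],
})

# Assumed per-project allowlist: packages whose autoload "files" entries are expected.
EXPECTED_AUTOLOAD_FILES = {"laravel/framework"}


def audit_installed(installed_json_text):
    """Return dev packages present and unexpected autoload 'files' declarations."""
    data = json.loads(installed_json_text)
    packages = data.get("packages", [])
    dev_names = set(data.get("dev-package-names", []))
    findings = {"dev_packages_installed": [], "unexpected_autoload_files": []}

    # Dev packages only matter if Composer actually installed them (dev == true).
    if data.get("dev", False):
        findings["dev_packages_installed"] = sorted(
            p["name"] for p in packages if p["name"] in dev_names
        )

    # Every "files" entry is require()d by vendor/autoload.php on every request,
    # so any package not on the allowlist that declares one deserves a review.
    for pkg in packages:
        files = pkg.get("autoload", {}).get("files", [])
        if files and pkg["name"] not in EXPECTED_AUTOLOAD_FILES:
            findings["unexpected_autoload_files"].append(
                (pkg["name"], pkg.get("version", "?"), list(files))
            )
    return findings


def vendor_web_exposed(docroot, vendor_dir):
    """True when vendor/ is inside the web server's document root, so files in it are reachable by URL."""
    doc = PurePosixPath(docroot)
    ven = PurePosixPath(vendor_dir)
    return ven == doc or doc in ven.parents


if __name__ == "__main__":
    result = audit_installed(INSTALLED_JSON)
    print("dev packages installed:", result["dev_packages_installed"])
    for name, version, files in result["unexpected_autoload_files"]:
        print(f"review autoload files in {name} {version}: {files}")
    print("vendor under docroot:", vendor_web_exposed("/var/www/html", "/var/www/html/vendor"))
```

On a real host, replace INSTALLED_JSON with the contents of vendor/composer/installed.json and pass the web server's document root and the vendor path to vendor_web_exposed. A non-empty dev_packages_installed list means the deployment was not built with composer install --no-dev; a True from vendor_web_exposed means the layout itself exposes those packages, which is the combination the PHPUnit post attributes the continued exploitation to.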
-
macOS Stealer Spoofs Apple, Google, and Microsoft in a Single Attack Chain
A new variant of SHub Stealer dubbed 'Reaper' targets macOS users through fake WeChat and Miro installers, employing sophisticated multi-stage delivery chains that spoof Apple, Google, and Microsoft services. The malware leverages the applescript:// URL scheme to bypass Terminal-based defenses, conducting extensive fingerprinting and anti-analysis checks before execution. Reaper harvests browser credentials, cryptocurrency wallets, developer configurations, iCloud data, and Telegram sessions. It includes an AMOS-style document theft module targeting files under 150MB with chunked uploads. The variant establishes persistence through a fake Google Software Update LaunchAgent and installs a backdoor for remote code execution. The infection specifically avoids CIS regions and employs extensive anti-analysis techniques including WebGL fingerprinting, VM detection, and DevTools interference.
Pulse ID: 6a0b51f39a34872f37d37c9f
Pulse Link: https://otx.alienvault.com/pulse/6a0b51f39a34872f37d37c9f
Pulse Author: AlienVault
Created: 2026-05-18 17:52:51
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#AMOS #BackDoor #Browser #Cloud #CyberSecurity #Google #InfoSec #Mac #MacOS #Malware #Microsoft #OTX #OpenThreatExchange #RAT #RemoteCodeExecution #Telegram #bot #cryptocurrency #AlienVault
-
NGINX Flaw CVE-2026-42945 Actively Exploited, Threatens Worker Crashes and RCE
A newly discovered NGINX flaw, CVE-2026-42945, is being actively exploited, posing a significant threat of worker crashes and remote code execution (RCE) through specially crafted HTTP requests. This high-severity vulnerability, with a CVSS score of 9.2, has been lurking in NGINX versions since 2008,…
#Nginx #Cve202642945 #RemoteCodeExecution #HeapBufferOverflow #VulnerabilityExploitation
-
NGINX Flaw Enables Unauthenticated Remote Code Execution
A critical 18-year-old vulnerability, known as NGINX Rift, has been discovered in NGINX Plus and NGINX Open Source, allowing unauthenticated attackers to remotely execute code with a single crafted HTTP request. This high-severity flaw, rated 9.2 on the CVSS v4 scale, poses a significant threat to vulnerable servers.
#Nginx #RemoteCodeExecution #Cve202642945 #UnauthenticatedAttacks #HeapBufferOverflow
-
Exim Flaw Exposes Servers to Remote Code Execution
A critical flaw in Exim, tracked as CVE-2026-45185, leaves servers vulnerable to remote code execution if they're running specific builds, but thankfully, a remediation was published in Exim version 4.99.3. This vulnerability is triggered during TLS shutdown while handling certain SMTP traffic, allowing attackers to exploit it.
#RemoteCodeExecution #Exim #Cve202645185 #GnuTransportLayerSecurity #Starttls
-
Microsoft Patch Tuesday Disrupts 120 Vulnerabilities with AI-Driven Insights
Microsoft's May Patch Tuesday update tackles a whopping 120 vulnerabilities, including 17 critical flaws that could leave your systems exposed to remote code execution, elevation of privilege, and information disclosure attacks. Prioritize patching now to safeguard your domain controllers and prevent…
#PatchTuesday #Microsoft #Cve202641089 #RemoteCodeExecution #ElevationOfPrivilege
-
Fortinet Disrupts Critical RCE Flaws in FortiSandbox, FortiAuthenticator
Fortinet has patched a critical remote code execution vulnerability in its FortiAuthenticator and FortiSandbox products, which could have allowed unauthenticated attackers to run unauthorized code or commands. The company has released fixed builds to address the flaw, tracked as CVE-2026-44277, and…
#RemoteCodeExecution #Fortiauthenticator #Cve202644277 #Fortinet #IdentityAndAccessManagement
-
Honeypot reveals botnet exploiting scriptText to launch DDoS attacks on game servers
Analysts observed attackers exploiting a Jenkins honeypot to deploy a new DDoS botnet targeting video game servers. Leveraging Jenkins scriptText abuse, the threat actors achieved remote code execution by sending malicious Groovy scripts to intentionally misconfigured instances with weak passwords. The multi-platform payload targets both Windows and Linux systems, deploying malware that evades detection through process renaming and daemonization. The botnet supports multiple attack vectors including UDP floods, TCP attacks, HTTP requests, and game-specific techniques targeting Valve Source Engine servers. Infrastructure hosted in Vietnam serves dual purposes for payload distribution and command-and-control communications. The campaign demonstrates continued opportunistic exploitation of internet-facing services, with gaming industry servers being primary targets for distributed denial-of-service attacks.
Pulse ID: 6a0199674dd4cf450633dd32
Pulse Link: https://otx.alienvault.com/pulse/6a0199674dd4cf450633dd32
Pulse Author: AlienVault
Created: 2026-05-11 08:55:03
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #DDoS #DoS #HTTP #HoneyPot #InfoSec #Linux #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #RCE #RemoteCodeExecution #TCP #UDP #Vietnam #Windows #Word #bot #botnet #AlienVault