Vulnerability Exploitation

All articles tagged with #vulnerability exploitation

Cloud breaches pivot to new flaws as credential abuse wanes
technology · 1 month ago

Google’s threat intelligence shows cloud intrusions are increasingly driven by exploiting freshly disclosed third-party software flaws, shrinking the window to weaponize exploits to days. Weak credentials have declined as an attack vector while remote code execution flaws like React2Shell (CVE-2025-55182) and XWiki (CVE-2025-24893) are frequently exploited. Attacks often begin via phishing or stolen identities, with Iran-, China-, and North Korea–linked campaigns maintaining long-term access to steal data, crypto, and credentials. OpenID Connect abuse, supply-chain incidents, and insider threats also feature prominently, underscoring the need for automated, rapid incident response as cloud threats accelerate into 2026.

RondoDox Botnet Exploits React2Shell Flaw to Hijack IoT Devices and Servers
network-security · 3 months ago

Cybersecurity researchers have uncovered a nine-month campaign where the RondoDox botnet exploited the critical React2Shell vulnerability (CVE-2025-55182) to hijack IoT devices and web servers, deploying malware, cryptocurrency miners, and Mirai variants, with the threat still active as of December 2025. Organizations are urged to update vulnerable software, segment IoT devices, and enhance monitoring to prevent infection.

"Ransomware Exploits Critical ConnectWise ScreenConnect Flaws"
cybersecurity · 2 years ago

Sophos X-Ops is tracking a wave of vulnerability exploitation targeting unpatched ConnectWise ScreenConnect installations, with attackers deploying malware to servers and workstations. ConnectWise has released a security advisory highlighting two critical vulnerabilities, urging immediate patching to version 23.9.8. Cloud-hosted implementations have received updates, but self-hosted instances remain at risk until manually upgraded. Sophos observed active exploitation in the wild, including attacks involving LockBit ransomware and other malware. Recommendations include confirming deployment type, scanning for unpatched instances, and implementing security measures. Sophos also provides detection and protection rules, as well as incident response guidance for organizations to mitigate risks and investigate potential incidents.