Tag: apache

5 Attack Reports | 0 Vulnerabilities

Attack reports

Your Connection, Their Cash: Threat Actors Misuse SDKs to Sell Your Bandwidth

Palo Alto Networks has identified and identified a threat that is exploiting a critical vulnerability in the GeoServer database, which allows criminals to gain passive income from exploiting victims' internet bandwidth and access to their bandwidth.
persistence
apache
geoserver
CVE-2024-36401
2025-08-21
ip address
jxpath
dart
cve202436401
sdk
Published: August 21, 2025
Linked vulnerabilities : CVE-2024-1182 (CVSS 7.0), CVE-2024-7587 (CVSS 7.8), CVE-2024-8299 (CVSS 7.8), CVE-2024-36401, CVE-2025-32433 (CVSS 10.0), CVE-2025-31324 (CVSS 10.0), CVE-2025-49704, CVE-2025-49706
Downloadable IOCs: 94

Apache Under the Lens: Tomcat's Partial PUT and Camel's Header Hijack

In March 2025, Apache disclosed three critical vulnerabilities: CVE-2025-24813 in Apache Tomcat and CVE-2025-27636 and CVE-2025-29891 in Apache Camel. These flaws allow remote code execution, affecting millions of developers. The Tomcat vulnerability exploits partial PUT requests and session persis…
exploit
vulnerability
apache
remote code execution
CVE-2025-27636
CVE-2025-24813
CVE-2025-29891
2025-07-03
tomcat
Published: July 3, 2025
Linked vulnerabilities : CVE-2024-1182 (CVSS 7.0), CVE-2024-7587 (CVSS 7.8), CVE-2024-0012 (CVSS 9.8), CVE-2024-9474 (CVSS 7.2), CVE-2024-8299 (CVSS 7.8), CVE-2025-0282 (CVSS 9.0), CVE-2025-0283 (CVSS 7.0), CVE-2024-53870 (CVSS 3.3), CVE-2025-27636 (CVSS 5.6), CVE-2025-24813 (CVSS 9.8), CVE-2025-29891 (CVSS 4.2), CVE-2025-31324 (CVSS 10.0)
Downloadable IOCs: 23

Increased Activity Against Apache OFBiz CVE-2024-32113

Recently, there has been a surge in malicious activity targeting a critical vulnerability (CVE-2024-32113) in the Apache OFBiz framework, a Java-based platform for developing Enterprise Resource Planning (ERP) applications. This vulnerability, a path traversal issue that can lead to remote code exe…
vulnerability
CVE-2024-32113
apache
erp
2024-08-01
remote code execution
ofbiz
Published: August 1, 2024
Linked vulnerabilities : CVE-2024-32113
Downloadable IOCs: 5

Malware Targets Message Queuing Services Applications

The report describes a recent campaign targeting Apache RocketMQ platforms, where attackers exploited a known vulnerability (CVE-2023-33246) to gain remote code execution on the systems. They then downloaded and executed the Muhstik malware, which provides persistence, evades detection, performs la…
evasion
cryptocurrency
vulnerability
persistence
apache
2024-06-06
irc
rocketmq
lateral
muhstik
CVE-2023-33246
Published: June 6, 2024
Linked vulnerabilities : CVE-2023-33246
Downloadable IOCs: 21

Ebury is alive but unseen: 400k Linux servers compromised for cryptotheft and financial gain

The Ebury malware gang is continuing to expand, with hundreds of thousands of servers compromised and used to steal cryptocurrency and credit card data, according to a paper published by ESET Research on 14 May 2024.
linux
bitcoin
2024-05-15
2024-05-10
apache
ebury
windigo
apachemodule
Published: May 15, 2024
Downloadable IOCs: 141
Click here to see more Attack Reports