Tag: gsocket

2 Attack Reports | 0 Vulnerabilities

Attack reports

Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities

Cisco Talos tracks active exploitation of CVE-2026-20182, an authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller and Manager, allowing remote attackers to obtain administrative privileges. The exploitation is attributed to UAT-8616, a sophisticated threat actor previously involv…
xmrig
credential theft
sliver
godzilla
behinder
webshells
gsocket
cryptocurrency mining
authentication bypass
cisco
adaptixc2
CVE-2026-20122
CVE-2026-20127
CVE-2026-20128
CVE-2026-20133
2026-05-14
CVE-2026-20182
kscan
nimplant
sd-wan
xenshell
Published: May 14, 2026
Linked vulnerabilities : CVE-2025-20333 (CVSS 9.9), CVE-2025-20362 (CVSS 6.5), CVE-2026-20122 (CVSS 5.4), CVE-2026-20127 (CVSS 10.0), CVE-2026-20128 (CVSS 7.5), CVE-2026-20133 (CVSS 6.5), CVE-2026-20182 (CVSS 10.0)
Downloadable IOCs: 24

From Automation to Exploitation: The Growing Misuse of Selenium Grid for Cryptomining and Proxyjacking

Two campaigns targeting Selenium Grid, a popular web testing tool, have been identified. The attacks exploit misconfigured instances lacking authentication to deploy cryptominers and proxyjacking tools. The first campaign injects a base64 encoded Python script to download and execute a reverse shel…
cryptomining
vulnerability exploitation
2024-09-17
tor
proxyjacking
perfcc
iproyal pawns
gsocket
traffmonetizer
selenium grid
Published: September 17, 2024
Linked vulnerabilities : CVE-2021-4043
Downloadable IOCs: 18
Click here to see more Attack Reports