Tag: rce

9 Attack Reports | 0 Vulnerabilities

Attack reports

Religious symbols weaponized, group uses Microsoft SharePoint RCE vulnerability to deliver 4L4MD4r ransomware

A serious remote code execution vulnerability in Microsoft SharePoint servers was exploited by hackers, affecting tens of thousands of servers globally. The mimo attack group, a financially motivated threat actor, utilized this vulnerability to deliver the 4L4MD4r ransomware, written in Golang and …
ransomware
microsoft
golang
sharepoint
rce
CVE-2025-53770
CVE-2025-53771
CVE-2025-49704
CVE-2025-49706
2025-08-01
4l4md4r
religious symbols
Published: August 1, 2025
Linked vulnerabilities : CVE-2025-53770 (CVSS 9.8), CVE-2025-53771 (CVSS 7.1), CVE-2025-49704, CVE-2025-49706
Downloadable IOCs: 2

SharePoint Vulnerabilities (CVE-2025-53770 & CVE-2025-53771): Everything You Need to Know

Two critical zero-day vulnerabilities, CVE-2025-53770 and CVE-2025-53771, are actively exploited in on-premises Microsoft SharePoint servers. These flaws enable unauthenticated remote code execution through an exploit chain dubbed ToolShell. CVE-2025-53770 is a critical RCE vulnerability caused by …
zero-day
spoofing
sharepoint
rce
authentication bypass
patch
CVE-2025-53770
CVE-2025-53771
2025-07-21
toolshell
deserialization
on-premises
Published: July 21, 2025
Linked vulnerabilities : CVE-2025-23266 (CVSS 9.0), CVE-2025-53770 (CVSS 9.8), CVE-2025-53771 (CVSS 7.1), CVE-2025-49704, CVE-2025-49706
Downloadable IOCs: 3

Large-scale exploitation of new SharePoint RCE vulnerability chain identified

A new SharePoint remote code execution vulnerability chain, later named CVE-2025-53770 and CVE-2025-53771 by Microsoft, was discovered being exploited in the wild. The exploitation affected on-premise SharePoint Servers globally, with dozens of systems compromised during two attack waves on July 18…
exploit
vulnerability
sharepoint
rce
CVE-2025-53770
CVE-2025-53771
2025-07-21
on-premise
Published: July 21, 2025
Linked vulnerabilities : CVE-2025-53770 (CVSS 9.8), CVE-2025-53771 (CVSS 7.1)
Downloadable IOCs: 4

Toolshell: Large-scale exploitation of new SharePoint RCE vulnerability chain identified

This pulse highlights an ongoing mass exploitation campaign targeting on-premises Microsoft SharePoint servers using a newly disclosed remote code execution (RCE) chain dubbed ToolShell. Discovered on July 18, 2025, by Eye Security, the attack chain is now tracked as CVE-2025-53770 and CVE-2025-537…
exploit
vulnerability
webshell
sharepoint
rce
CVE-2025-53770
CVE-2025-53771
2025-07-21
on-premise
toolshell
Published: July 21, 2025
Downloadable IOCs: 0

Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet

An active campaign is exploiting CVE-2025-3248, a critical vulnerability in Langflow versions before 1.3.0, to deliver the Flodrix botnet. Attackers use the flaw to execute downloader scripts on compromised servers, which then fetch and install the Flodrix malware. The vulnerability allows full sys…
exploit
ddos
botnet
rce
CVE-2025-3248
2025-06-18
flodrix
langflow
Published: June 18, 2025
Downloadable IOCs: 41

Serverless Tokens in the Cloud: Exploitation and Detections

This article explores the security implications of serverless authentication across major cloud platforms. It details how attackers target serverless functions to exploit vulnerabilities arising from insecure code and misconfigurations. The mechanics of serverless authentication are explained for A…
cloud security
authentication
rce
2025-06-13
ssrf
google cloud functions
token exfiltration
aws lambda
azure functions
serverless
Published: June 13, 2025
Downloadable IOCs: 0

Exploitation in the Wild of Aviatrix Controller RCE (CVE-2024-50603)

A critical code execution vulnerability, CVE-2024-50603, affecting Aviatrix Controller has been observed being exploited in the wild. This unauthenticated remote code execution flaw allows attackers to execute arbitrary commands on the system, potentially leading to privilege escalation in AWS envi…
backdoor
xmrig
sliver
cloud security
cryptojacking
privilege escalation
aws
rce
CVE-2024-50603
2025-01-13
aviatrix controller
Published: January 13, 2025
Linked vulnerabilities : CVE-2024-50603 (CVSS 10.0), CVE-2025-0282 (CVSS 9.0), CVE-2025-0283 (CVSS 7.0), CVE-2021-40870
Downloadable IOCs: 6

New Cleo zero-day RCE flaw exploited in data theft attacks

A critical zero-day vulnerability in Cleo's managed file transfer software is being actively exploited by hackers to breach corporate networks and steal data. The flaw affects Cleo LexiCom, VLTrader, and Harmony products, allowing unrestricted file upload and downloads leading to remote code execut…
data theft
zero-day
CVE-2024-50623
rce
termite
cleo
lexicom
2024-12-11
vltrader
cleo harmony
Published: December 11, 2024
Downloadable IOCs: 0

November 18 Advisory: Active Exploitation of Critical RCE in Palo Alto Networks PAN-OS [CVE-2024-0012 and CVE-2024-9474]

Two critical vulnerabilities in Palo Alto Networks PAN-OS, CVE-2024-0012 and CVE-2024-9474, have been disclosed. CVE-2024-0012 is an authentication bypass allowing unauthenticated remote attackers to gain admin privileges, while CVE-2024-9474 is an authenticated privilege escalation bug. These can …
vpn
privilege escalation
2024-11-18
CVE-2024-0012
CVE-2024-9474
rce
authentication bypass
pan-os
critical vulnerability
Published: November 18, 2024
Downloadable IOCs: 0
Click here to see more Attack Reports