Apache OFBiz RCE Attack

Byadmblake

FortiGuard Labs continues to observe attack attempts targeting the recent Apache OFBiz vulnerabilities (CVE-2024-38856, CVE-2024-45195 and CVE-2024-36104) that can be exploited by threat actors through maliciously crafted unauthorized requests, leading to the remote code execution.

FortiGuard Labs continues to observe attack attempts targeting the recent Apache OFBiz vulnerabilities (CVE-2024-38856, CVE-2024-45195 and CVE-2024-36104) that can be exploited by threat actors through maliciously crafted unauthorized requests, leading to the remote code execution.

Related

Blind Eagle Uses Proton66 Hosting for Phishing, RAT Deployment on Colombian Banks

The threat actor known as Blind Eagle has been attributed with high confidence to the use of the Russian bulletproof hosting service Proton66. Trustwave SpiderLabs, in a report published last week, said it was able to make this connection by pivoting from Proton66-linked digital assets, leading to the discovery of an active threat cluster that…

Researchers Detail Bitter APT’s Evolving Tactics as Its Geographic Scope Expands

The threat actor known as Bitter has been assessed to be a state-backed hacking group that’s tasked with gathering intelligence that aligns with the interests of the Indian government. That’s according to new findings jointly published by Proofpoint and Threatray in an exhaustive two-part analysis. “Their diverse toolset shows consistent coding patterns across malware families,…

CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Smartbedded Meteobridge to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, CVE-2025-4008 (CVSS score: 8.7), is a case of command injection in the Meteobridge web interface that could result in code execution. “

Water Curse Hijacks 76 GitHub Accounts to Deliver Multi-Stage Malware Campaign

Cybersecurity researchers have exposed a previously unknown threat actor known as Water Curse that relies on weaponized GitHub repositories to deliver multi-stage malware. “The malware enables data exfiltration (including credentials, browser data, and session tokens), remote access, and long-term persistence on infected systems,” Trend Micro researchers Jovit Samaniego, Aira Marcelo, Mohamed

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers. “The campaign uses highly obfuscated VBScript files disguised as resume/CV documents, delivered through phishing emails,” Securonix researchers Shikha Sangwan, Akshay Gaikwad, and Aaron Beardslee said in a report shared