The abuse of known security flaws to deploy bots on vulnerable systems is a widely recognized problem. Many automated bots constantly search the web for known vulnerabilities in servers and devices connected to the internet, especially those running popular services.
These bots often carry Remote Code Execution (RCE) exploits targeting HTTP services, allowing attackers to embed Linux commands within GET or POST requests. We recently observed the use of CVE-2024-3721 in attempts to deploy a bot in one of our honeypot services. This bot variant turned out to be part of the infamous Mirai botnet, targeting DVR-based monitoring systems.
Read more…
Source: Kaspersky
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Arctic Wolf Observes July 2025 Uptick in Akira Ransomware Activity Targeting SonicWall SSL VPN
August 1, 2025
In late July 2025, Arctic Wolf observed an increase in ransomware activity targeting SonicWall firewall devices for initial access. In the intrusions reviewed, multiple pre-ransomware intrusions were observed within a short period of time, each involving VPN access through SonicWall SSL VPNs. While credential access through brute force, dictionary attacks, and credential stuffing have not yet ...
- Apple patches multiple vulnerabilities in iOS and iPadOS. Update now!
July 30, 2025
Apple released a security update for iOS and iPadOS to patch multiple vulnerabilities, including one that could leak sensitive information when visiting a malicious website and one that allows an attacker to display false information in the address bar. In total, 29 vulnerabilities were patched, most of them in WebKit, Apple’s web rendering engine that powers ...
- CVE-2025-53770 – Zero-day exploitation in the wild of Microsoft SharePoint servers
July 29, 2025
Microsoft released an advisory for CVE-2025-53770, a critical Remote Code Execution (RCE) vulnerability affecting on-premise SharePoint servers. This vulnerability has been exploited in the wild as a zero-day by an unknown threat actor prior to the disclosure from Microsoft. The vulnerability is described as an unauthenticated deserialization of untrusted data issue, and has a CVSS base ...
- ToolShell: a story of five vulnerabilities in Microsoft SharePoint
July 25, 2025
On July 19–20, 2025, various security companies and national CERTs published alerts about active exploitation of on-premise SharePoint servers. According to the reports, observed attacks did not require authentication, allowed attackers to gain full control over the infected servers, and were performed using an exploit chain of two vulnerabilities: CVE-2025-49704 and CVE-2025-49706, publicly named “ToolShell”. Additionally, ...
- Mitel Releases Security Advisories for MiVoice MX-One and MiCollab
July 24, 2025
Mitel has released security advisories to address vulnerabilities in Mitel MiVoice MX-ONE and MiCollab, which are cloud-based platforms that help manage business communications. The critical vulnerability, which has no CVE identifier at the time of publishing this Cyber Alert, affects Mitel MiVoice MX-One and is an authentication bypass vulnerability with a CVSSv3 score of 9.4. Successful ...
- Disrupting active exploitation of on-premises SharePoint vulnerabilities
July 23, 2025
Expanded analysis and threat intelligence from Microsoft continued monitoring of exploitation activity by Storm-2603 leading to the deployment of Warlock ransomware. Based on new information, we have updated the Attribution, Indicators of compromise, extended and clarified Mitigation and protection guidance (including raising Step 6: Restart IIS for emphasis), Detections, and Hunting sections. Read more… Source: Microsoft Sign up for ...