Security researchers are falling victim to a fake proof-of-concept exploit for CVE-2024-49113, also known as LDAPNightmare, which downloads malware that steals information. This cybersecurity attack is worrying due to the potential scale of victims it could affect. The malware is delivered via a seemingly innocuous Python-based project, but the inclusion of an executable file raises suspicions.
Threat Actors Exploiting DevOps Web Servers Misconfigurations To Deploy Malware
A new cryptojacking campaign, led by threat actor JINX-0132, exploits misconfigurations in popular DevOps applications like HashiCorp Nomad and Docker API. By utilizing legitimate tools
