Enterprise document management system (DMS) vendors, ONLYOFFICE, OpenKM, LogicalDOC, and Mayan, are yet to resolve several severe DMS vulnerabilities, according to cybersecurity firm Rapid7. It warned that stored cross-site scripting (XSS) flaws in the systems pose high risks. No patches or updates have been released, and vendors have not responded to Rapid7’s disclosures.

Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers
Cybersecurity researchers have revealed details about Outlaw, an “auto-propagating” cryptocurrency mining botnet that targets SSH servers with weak credentials. The Romanian-origin malware performs SSH brute-force