Cybersecurity experts have identified a new Linux cryptojacking campaign called RedisRaider, which targets publicly accessible Redis servers to deploy cryptocurrency miners. This threat impacts Linux server infrastructures and Redis instances globally. #Redis #LinuxServers…
Search Results for: XMRig
Wiz Threat Research has identified an ongoing campaign by the threat actor JINX-0126, targeting poorly configured and publicly exposed PostgreSQL servers. By exploiting weak login
We analyze the multi-stage loading technique used by Water Sigbin to deliver the PureCrypter loader and XMRIG crypto miner….
AhnLab SEcurity intelligence Center (ASEC) recently found that XMRig CoinMiner is being distributed through a game emulator. Similar cases were introduced in previous ASEC Blog posts multiple times as shown below. 1. Distribution Channel The CoinMiner was found to be distributed on a website that provides a game emulator for a well-known…
Through a post titled "Orcus RAT Being Distributed Disguised as a Hangul Word Processor Crack" [1], AhnLab SEcurity intelligence Center (ASEC) previously disclosed an attack
The Uptycs Threat Research Team has uncovered a large-scale, ongoing operation within the Log4j campaign. Initially detected within our honeypot collection, upon discovery, the team
Sysrv is a well-documented botnet first identified in 2020, with the main payload being a worm written in Golang. It drops a cryptominer onto infected
The ASEC analysis team has recently discovered the distribution of BitRAT and XMRig CoinMiner disguised as a Windows license verification tool. As introduced in previous

The unpatched GeoServer vulnerability CVE-2024-36401 continues to be exploited by threat actors to install malware such as NetCat and XMRig CoinMiner, with confirmed cases in South Korea. Attackers use PowerShell and Bash scripts to deploy these malicious tools, enabling remote control and cryptocurrency mining. #GeoServer #CVE202436401 #NetCat #XMRig…

A recent resurgence of XMRig cryptominer malware was observed in April 2025, coinciding with a rally in Monero cryptocurrency prices and a major bitcoin theft converted to Monero. The malware employs multi-staged attacks utilizing LOLBAS techniques and Windows built-in tools to achieve persistence and evade detection. #XMRig #Monero #notif_su
Threat Research | Weekly Recap [06 Jul 2025]
This week’s cybersecurity recap highlights critical vulnerabilities such as CVE-2025-5777 and CVE-2025-20309 affecting Citrix and Cisco, which are actively exploited by threat actors like APT28 and MuddyWater. Emerging malware campaigns include sophisticated botnets like Flodrix and advanced evasion techniques like Shellter and steganography. #CitrixBleed #MuddyWater

Threat actors are exploiting exposed JDWP interfaces in Java applications to execute remote code, deploy cryptocurrency miners, and establish persistence. They also leverage malicious botnets like Hpingbot to carry out DDoS attacks, targeting systems via weak SSH configurations. #JDWP #Hpingbot…