Spring4Shell

Experts warn of a Mirai-based botnet exploiting the recently discovered Spring4Shell vulnerability in attacks in the wild. Trend Micro Threat Research reported that the recently discovered Spring4Shell vulnerability (CVE-2022-22965) is actively exploited by a Mirai-based botnet. Researchers from Chinese cybersecurity firm Qihoo 360 first reported the exploitation of the Spring4Shell by a Mirai-based botnet in early April. […]

The post A Mirai-based botnet is exploiting the Spring4Shell vulnerability appeared first on Security Affairs.

Read More A Mirai-based botnet is exploiting the Spring4Shell vulnerability

The U.S. CISA added the recently disclosed remote code execution (RCE) vulnerability Spring4Shell to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the recently disclosed CVE-2022-22965 (aka Spring4Shell, CVSS score: 9.8) flaw in the Spring Framework, along with three other issues, to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) […]

The post CISA adds Spring4Shell flaw to its Known Exploited Vulnerabilities Catalog appeared first on Security Affairs.

Read More CISA adds Spring4Shell flaw to its Known Exploited Vulnerabilities Catalog

VMware released security updates to address the critical remote code execution vulnerability known as Spring4Shell. VMware has published security updates to address the critical remote code execution vulnerability known as Spring4Shell (CVE-2022-22965). According to the virtualization giant, the flaw impacts many of its cloud computing and virtualization products. The Spring4Shell issue was disclosed last week, […]

The post VMware released updates to fix the Spring4Shell vulnerability in multiple products appeared first on Security Affairs.

Read More VMware released updates to fix the Spring4Shell vulnerability in multiple products

An unauthenticated zero-day RCE vulnerability in the Spring Core Java framework called ‘Spring4Shell’ has been publicly disclosed. Researchers disclosed a zero-day vulnerability, dubbed Spring4Shell, in the Spring Core Java framework called ‘Spring4Shell.’ An unauthenticated, remote attacker could trigger the vulnerability to execute arbitrary code on the target system. The framework is currently maintained by Spring.io […]

The post Mysterious disclosure of a zero-day RCE flaw Spring4Shell in Spring appeared first on Security Affairs.

Read More Mysterious disclosure of a zero-day RCE flaw Spring4Shell in Spring