Ongoing Attacks Exploit GeoServer RCE Flaw (CVE-2024-36401) to Install NetCat and XMRig CoinMiner

July 10, 2025

Ongoing Attacks Exploit GeoServer RCE Flaw (CVE-2024-36401) to Install NetCat and XMRig CoinMiner

The AhnLab Security Intelligence Center (ASEC) has issued a fresh warning on the ongoing exploitation of a remote code execution (RCE) vulnerability in GeoServer, tracked as CVE-2024-36401. According …

Published Date:
Jul 10, 2025 (4 hours, 21 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2024-36401

Source: Read More

Previous ArticleCritical Vulnerabilities Found in Schneider Electric’s EcoStruxure IT Data Center Expert

Next Article CISA Warns of Critical Flaws in Emerson ValveLink Software: Exploits Could Lead to Code Execution and Data Exposure

Highlights

CVE-2025-53886 – Directus Session Hijacking Vulnerability

July 15, 2025

CVE ID : CVE-2025-53886

Published : July 15, 2025, 12:15 a.m. | 2 hours, 36 minutes ago

Description : Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0 and prior to version 11.9.0, when using Directus Flows with the WebHook trigger all incoming request details are logged including security sensitive data like access and refresh tokens in cookies. Malicious admins with access to the logs can hijack the user sessions within the token expiration time of them triggering the Flow. Version 11.9.0 fixes the issue.

Severity: 4.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Microsoft donates DocumentDB to the Linux Foundation

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

ChatGPT is reportedly scraping Google Search data to answer your questions – here’s how

The 10 best early Labor Day deals live now: Save on Apple, Samsung and more

5 rumored Apple iPhone Fold features that have me excited (and frustrated at the same time)

Forget plug-and-play AI: Here’s what successful AI projects do differently

Log Outgoing HTTP Requests with the Laravel Spy Package

Log Outgoing HTTP Requests with the Laravel Spy Package

devdojo/auth

Rust Slices: Cutting Into References the Safe Way

Best AI Girlfriend Simulator [2025 Working Apps and Websites]

Best AI Girlfriend Simulator [2025 Working Apps and Websites]

8 Best Paid and Free AI Sexting Chat Apps in 2025

Best AI Anime Art Generator: 7 Best to Use [Free & Premium]

Ongoing Attacks Exploit GeoServer RCE Flaw (CVE-2024-36401) to Install NetCat and XMRig CoinMiner

Ongoing Attacks Exploit GeoServer RCE Flaw (CVE-2024-36401) to Install NetCat and XMRig CoinMiner

Transparent Tribe Targets Indian Govt With Weaponized Desktop Shortcuts via Phishing

Buffalo Police Detective Indicted for Attempted Purchases on Genesis Market

Il podcast di Marco’s Box – Puntata 205

CVE-2025-49113: Roundcube RCE Exploit Unveiled—The Swiss Army Knife of Webmail Just Got a Weaponized Blade

Microsoft’s Patch for Symlink Exploit Introduces New Windows Update DoS Flaw

MITRE Launches D3FEND CAD Tool to Revolutionize Cybersecurity Modeling

CVE-2025-53886 – Directus Session Hijacking Vulnerability

40+ New Games Are Coming to Xbox This Week (June 16–20)

Locale-aware Number Parsing in Laravel 12.15

Uncover LOTS Attacks Hiding in Trusted Tools — Learn How in This Free Expert Session

Ongoing Attacks Exploit GeoServer RCE Flaw (CVE-2024-36401) to Install NetCat and XMRig CoinMiner

Ongoing Attacks Exploit GeoServer RCE Flaw (CVE-2024-36401) to Install NetCat and XMRig CoinMiner

Related Posts