Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems

Threat Score:

The Hacker News

1 day ago

Part of cluster #2053

Overview

Threat actors are exploiting a nearly two-year-old security flaw in Apache ActiveMQ to gain persistent access to cloud Linux systems and deploy malware calledDripDropper. But in an unusual twist, the unknown attackers have been observed patching the exploited vulnerability after securing initial access to prevent further exploitation by other adversaries and evade detection, Red Canarysaidin a report shared with The Hacker News. "Follow-on adversary command-and-control (C2) tools varied by endpo...

Continue Reading on Original Site

5 articles

How Warlock Ransomware Targets Vulnerable SharePoint Servers

Dark Reading • 5 hours ago

Researchers highlight how Warlock, a new ransomware heavyweight, uses its sophisticated capabilities to target on-premises SharePoint instances.

Score

Russian State Hackers Exploit 7-Year-Old Cisco Router Vulnerability

Hackread • 6 hours ago

FBI and Cisco warn Russian hackers are exploiting a 7-year-old Cisco Smart Install vulnerability on outdated routers and…

Score

Stop Reacting; Start Anticipating: The Global State of Threat Intelligence

Brighttalk • 11 hours ago

Presented by Jitin Shabadu, Forrester Analyst | Jayce Nichols, Director, Intelligence Solutions, Google Threat Intelligence Group

Score

Apple fixes zero-day vulnerability exploited in “extremely sophisticated attack” (CVE-2025-43300)

Feeds2 • 6 hours ago

Apple fixes zero-day vulnerability exploited in “extremely sophisticated attack” (CVE-2025-43300) Apple has fixed yet another vulnerability (CVE-2025-43300) that has apparently been exploited as a zero-day “in an extremely sophisticated attack against specific targeted individuals.” CVE-2025-43300 CVE-2025-43300 is anout-of-bounds writeissue that could be triggered by a vulnerable device processing a malicious image file, leading to exploitable memory corruption. The vulnerability affects theIma

Score

At least three UK organizations hit by SharePoint zero-day hacking campaign

Therecord • 14 hours ago

At least three British organizations have reported to the country’s data protection regulator that hackers exploited bugs affecting on-premise Microsoft SharePoint servers.

Score

CVES

CVE-2023-46604

ATTACK TYPES

Command and Control

Credential Access

Malware Deployment

Ransomware

Remote Code Execution

COUNTRIES

China

France

VULNERABILITIES

Remote Code Execution

COMPANIES

Apache Software Foundation

Cloudflare

Red Canary

SECURITY VENDORS

Cloudflare

PLATFORMS

Apache

Apache ActiveMQ

Linux

APT GROUPS

Careto

RANSOMWARE

Final

First

HelloKitty

One

Unknown

MALWARE

Careto

DripDropper

Nexus

MITRE ATT&CK

T1059

T1059.003

T1068

T1071

T1071.001

INDUSTRIES

Cloud Computing

Cloud Services

Cybersecurity

Technology

ARTICLE INFORMATION

Article #12386

Published 1 day ago

The Hacker News

THREAT HUNTING

THREAT INTELLIGENCE

BUSINESS INTELLIGENCE

Save to Folder

Article Intelligence

THREAT HUNTING

THREAT INTELLIGENCE

BUSINESS INTELLIGENCE

Overview

Related Articles

How Warlock Ransomware Targets Vulnerable SharePoint Servers

Russian State Hackers Exploit 7-Year-Old Cisco Router Vulnerability

Stop Reacting; Start Anticipating: The Global State of Threat Intelligence

Apple fixes zero-day vulnerability exploited in “extremely sophisticated attack” (CVE-2025-43300)

At least three UK organizations hit by SharePoint zero-day hacking campaign

Save to Folder

Article Intelligence

We use cookies

Cookie Settings

Essential Cookies

Analytics Cookies

Performance Cookies

Marketing Cookies