TechSecInfo

The tech + cyber briefing: what happened, why it matters, and where it came from.

Cyber Security

RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet

By rooter

The botnet malware known as RondoDox has been observed targeting unpatched XWiki instances against a critical security flaw that could allow attackers to achieve arbitrary code execution.
The vulnerability in question is CVE-2025-24893 (CVSS score: 9.8), an eval injection bug that could allow any guest user to perform arbitrary remote code execution through a request to the “/bin/get/Main/

Oh hi there đŸ‘‹
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

Oh hi there đŸ‘‹
It’s nice to meet you.

Sign up to receive awesome content in your inbox, every month.

We don’t spam! Read our privacy policy for more info.

By rooter

Related Post

Cyber Security

China-Linked TA416 Targets European Governments with PlugX and OAuth-Based Phishing

rooter
Cyber Security

Apple Breaks Precedent, Patches DarkSword for iOS 18

rooter
Cyber Security

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

rooter

Leave a Reply

You Missed

News

Judge Kills Lawsuit Against Infamous Study That Might Have Increased Teen Suicides

News

Lenovo Legion Go 2 suddenly costs $650 more as RAMageddon lays waste to gaming hardware

News

Netflix must refund customers for years of price hikes, Italian court rules

News

‘Chainsaw Man’ Briefly Returns in ‘Dandadan’