Read more: securityonline.info
A critical vulnerability (CVE-2024-36401) in GeoServer, an open-source geospatial data server, is being actively exploited by attackers to launch global malware campaigns. This vulnerability allows attackers to execute remote code on vulnerable systems, granting them the ability to install malware, deploy backdoors, and launch DDoS attacks. The attack campaigns are globally widespread, with a particular focus on South America, Europe, and Asia. Researchers have observed attackers using this vulnerability to spread various malware, including GOREVERSE, SideWalk, JenX, Condi Botnet, and cryptocurrency miners, emphasizing the severity of this flaw. Organizations utilizing GeoServer should prioritize updating their installations with the latest patches to mitigate risks.