A Chinese-speaking threat group, tracked as UAT-6382, is exploiting a zero-day vulnerability (CVE-2025-0994) in Cityworks, a popular asset management system, to gain remote code execution. The attackers deploy web shells such as AntSword and Chopper on IIS servers....