On July 19, researchers detected a surge of HTTP probes aimed at Rejetto HTTP File Server (HFS) 2.x systems, revealing a coordinated spray‑and‑pray campaign exploiting a critical unauthenticated server‑side template injection (SSTI) vulnerability (CVE‑2024‑23692, CVSS 9.8) that permits arbitrary command execution via a single crafted request....