Threat Research

    During its incident response efforts, determined that cyber threat actors infiltrated the agency’s network on July 11, 2024, by exploiting a critical vulnerability—CVE-2024-36401 [CWE-95: “Eval Injection”]—in a public-facing GeoServer instance (referred to as GeoServer 1)....
    This report details a stealthy campaign exploiting CVE-2024-36401, a critical RCE vulnerability (CVSS 9.8) in GeoServer, to gain access to victims' machines and monetize their internet bandwidth. Attackers deploy legitimate or modified SDKs to turn compromised systems into residential proxies, mimicking legal monetization practices used by app developers....