Automated attacks targeting PHP servers are increasing


Cybersecurity researchers have warned of a significant increase in automated attacks targeting PHP servers, IoT devices, and cloud gateways, driven by botnets such as Mirai, Gafgyt, and Mozi. According to a report from Qualys’ Threat Research Unit, these automated attacks exploit known vulnerabilities and inadequate cloud configurations, allowing attackers to take control of exposed systems and thereby expand their botnet networks.

Some simple measures to prevent attacks

PHP servers have become the main targets of these campaigns due to the popularity of content management systems (CMS) like WordPress and Craft CMS. Misconfigurations and outdated plugins expand the attack surface of these servers. Researchers highlight that some of the methods used by attackers involve the query string ‘/?XDEBUG_SESSION_START=phpstorm’, which starts a debugging session; if debugging is left active in production environments, this can facilitate the extraction of sensitive data.
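One way to check whether a server is receiving the debug-session probes described above, as an added example that is not part of the original article: the Python code below parses access-log lines and groups requests carrying the XDEBUG_SESSION_START parameter by source address. The log format (Apache/nginx "combined"), the constructed sample lines and the function names are assumptions made for this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in "combined" log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [01/Nov/2025:10:00:01 +0000] "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 200 5120 "-" "curl/8.0"
203.0.113.7 - - [01/Nov/2025:10:00:02 +0000] "GET /index.php?xdebug_session_start=phpstorm HTTP/1.1" 404 162 "-" "curl/8.0"
198.51.100.20 - - [01/Nov/2025:10:01:10 +0000] "GET /blog/?page=2 HTTP/1.1" 200 8812 "-" "Mozilla/5.0"
192.0.2.55 - - [01/Nov/2025:10:02:30 +0000] "POST /wp-login.php?a=1&XDEBUG%5FSESSION%5FSTART=x HTTP/1.1" 200 912 "-" "python-requests/2.31"
198.51.100.20 - - [01/Nov/2025:10:03:00 +0000] "GET /search?q=XDEBUG_SESSION_START HTTP/1.1" 200 700 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# Compared in lower case: a detection choice so that case variants of the
# probe are counted as well.
TRIGGER = "xdebug_session_start"


def find_xdebug_probes(log_text):
    """Return {source_ip: [(timestamp, method, target, status), ...]}."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        query = urlsplit(m["target"]).query
        # parse_qsl percent-decodes names, so XDEBUG%5FSESSION%5FSTART matches.
        # Only parameter *names* are checked; a search term that merely
        # contains the string (last sample line) is not flagged.
        names = {k.lower() for k, _ in parse_qsl(query, keep_blank_values=True)}
        if TRIGGER in names:
            hits[m["ip"]].append(
                (m["ts"], m["method"], m["target"], int(m["status"])))
    return dict(hits)


def summarize(hits):
    """Rows of (ip, probe_count, answered_200), busiest source first."""
    rows = [(ip, len(ev), sum(1 for e in ev if e[3] == 200))
            for ip, ev in hits.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))


if __name__ == "__main__":
    for row in summarize(find_xdebug_probes(SAMPLE_LOG)):
        print(row)
```

A 200 response only shows that the page answered the request; whether a debugging session could actually start depends on the server's Xdebug configuration, which is what needs checking on any host that appears in the output.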

Additionally, it has been observed that attackers seek credentials, API keys, and access tokens on servers exposed to the internet, and they also exploit security vulnerabilities in IoT devices. Scanning activity often originates from cloud infrastructures such as AWS and Google Cloud, highlighting how cybercriminals abuse legitimate services to conceal their true locations.

Experts warn that even low-level attackers can cause significant damage thanks to widely available exploitation tools and botnet kits. To mitigate these risks, users are advised to keep their systems updated, remove development tools from production environments, and restrict public access to their cloud infrastructure.

This surge in the capabilities of botnets is reflected in the recent classification by NETSCOUT, which identified the AISURU botnet as a new class of malware capable of launching DDoS attacks exceeding 20 terabits per second. AISURU combines DDoS attack capabilities with additional functions, allowing illicit activities such as the use of residential proxies to conceal malicious activity.

The crucial importance of identity security in the era of AI


The rapid evolution of artificial intelligence agents has transformed business security, making identity management an essential component to protect organizations from modern threats. As these agents perform tasks autonomously and without supervision, the risk of catastrophic errors increases significantly. A logic failure or unauthorized access can turn effective automation into an operational disaster, highlighting the vulnerability posed by poorly regulated AI implementations.

The transformation of business security

Currently, fewer than 40% of AI agents have identity security policies. This leaves organizations exposed to a range of potential attacks, as these systems operate with access privileges to sensitive data. According to the SailPoint Horizons of Identity Security 2025-2026 report, the situation has become critical, as older security measures, such as firewalls, are no longer sufficient against the new identity-driven threat models.

The report highlights that 63% of organizations are at early levels of maturity in identity security, which increases their risk of attacks. Companies that implement mature identity security programs not only achieve a higher return on investment but also benefit from better operational efficiency and transformative business capabilities.

However, only 25% of organizations consider identity management as a strategic enabler. This limited view prevents many companies from harnessing the full transformative potential that identity security can offer. As the threat landscape continues to evolve, it is imperative that organizations assess their current position regarding identity security and seriously consider their readiness to manage access from automated systems and AI agents.