February 5, 2025 By Zeljka Zorz
XE Group, a cybercriminal outfit that has been active for over a decade, has been quietly exploiting zero-day vulnerabilities (CVE-2025-25181, CVE-2024-57968) in VeraCore software, a popular solution for warehouse management and order fulfillment.
According to Intezer and Solis Security researchers, their targets are companies in the manufacturing and distribution sectors.
“In one instance, the group was found to have compromised an organization in 2020, maintaining persistent access to an endpoint for over four years,” Intezer researchers Nicole Fishbein, Joakim Kennedy and Justin Lentz shared.
