February 12, 2025 By Bill Toulas
Increased hacker activity has been observed in attempts to compromise poorly maintained devices that are vulnerable to older security issues from 2022 and 2023.
Threat monitoring platform GreyNoise is reporting spikes in actors leveraging CVE-2022-47945 and CVE-2023-49103 that affect ThinkPHP Framework and the open-source ownCloud solution for file sharing and syncing.
Both vulnerabilities have critical severity and can be exploited to execute arbitrary operating system commands or to obtain sensitive data (e.g. admin password, mail server credentials, license key).
