ShadowSyndicate Hackers Abuse Aiohttp Python Vulnerability To Find Targets

The ransomware group 'ShadowSyndicate' targeted servers vulnerable to CVE-2024-23334, a directory traversal flaw in the aiohttp Python library. Aiohttp, crucial for handling concurrent HTTP requests, is widely used by tech firms, web developers, and data scientists. Version 3.9.2, released on January 28, 2024, addressed the vulnerability, impacting all versions prior to 3.9.1, allowing remote attackers to access files on vulnerable servers. Following this, a PoC exploit was shared on GitHub on February 27, 2024, alongside a step-by-step exploitation guide uploaded to YouTube in early March. Read more...

Read More

Comments

Loading... Logging you in...
  • Logged in as
There are no comments posted yet. Be the first one!

Post a new comment

Comments by