#CVE202423334

Aiohttp Vulnerability in Attacker Crosshairs

by

March 19, 2024 at 06:18AM Hackers are targeting a recently patched Aiohttp vulnerability, potentially affecting thousands of servers globally. A Shodan search reveals over 70,000 instances, with notable exposure in the US, China, and Germany. Cyble’s scanner identified 43,000 exposed instances, with high percentages in the US and Europe. Exploitation attempts have been observed, including … Read more

Hackers exploit Aiohttp bug to find vulnerable networks

by

March 16, 2024 at 04:48PM ShadowSyndicate, a ransomware actor, has targeted servers vulnerable to CVE-2024-23334 in the aiohttp Python library. The vulnerability allows remote attackers to access files on affected servers. Exploitation attempts were observed, originating from five IP addresses connected to ShadowSyndicate. Cyble’s data shows about 44,170 exposed aiohttp instances globally, making the extent … Read more