Security News > 2025 > January > Fake LDAPNightmware exploit on GitHub spreads infostealer malware

Fake LDAPNightmware exploit on GitHub spreads infostealer malware

2025-01-11 15:21

A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka "LDAPNightmare") on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. [...]

News URL

https://www.bleepingcomputer.com/news/security/fake-ldapnightmware-exploit-on-github-spreads-infostealer-malware/

#exploit #github #malware #CVE-2024-49113

Related news

APT-C-60 Hackers Exploit StatCounter and Bitbucket in SpyGlace Malware Campaign (source)
Cybercriminals Exploit Popular Game Engine Godot to Distribute Cross-Platform Malware (source)
BootKitty UEFI malware exploits LogoFAIL to infect Linux systems (source)
New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools (source)
390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits (source)
New Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHP (source)
Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection (source)
Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware (source)
Malware botnets exploit outdated D-Link routers in recent attacks (source)
Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws (source)

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2024-12-12	CVE-2024-49113	Unspecified vulnerability in Microsoft products Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability microsoft	0.0

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Github		12	2	45	29	19	95

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.