Security News > 2025 > February > Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers

2025-02-07 18:42
Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial network access. [...]
News URL
Related news
- CentreStack RCE exploited as zero-day to breach file sharing servers (source)
- Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)
- Hackers Exploit Critical Craft CMS Flaws; Hundreds of Servers Likely Compromised (source)
- Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell (source)
- Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own (source)
- Russian Hackers Breach 20+ NGOs Using Evilginx Phishing via Fake Microsoft Entra Pages (source)
- Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws (source)
- ⚡ Weekly Recap: VPN Exploits, Oracle's Silent Breach, ClickFix Surge and More (source)
- Hackers lurked in Treasury OCC’s systems since June 2023 breach (source)
- Microsoft fixes auth issues on Windows Server, Windows 11 24H2 (source)