From bleepingcomputer.com
Microsoft says the Sysrv botnet is now exploiting vulnerabilities in the Spring Framework and WordPress to ensnare and deploy cryptomining malware on vulnerable Windows and Linux servers.
Redmond discovered a new variant (tracked as Sysrv-K) that has been upgraded with more capabilities, including scanning for unpatched WordPress and Spring deployments.
“The new variant, which we call Sysrv-K, sports additional exploits and can gain control of web servers” by exploiting various vulnerabilities, the Microsoft Security Intelligence team said in a Twitter thread.
“These vulnerabilities, which have all been addressed by security updates, include old vulnerabilities in WordPress plugins, as well as newer vulnerabilities like CVE-2022-22947.”