CISA Warns of Critical Apache RocketMQ Vulnerability Being Actively Exploited to Install Malware

CISA warns of critical Apache RocketMQ bug exploited in attacks
Vulnerability tracked as CVE-2023-33246, affects RocketMQ versions 5.1.0 and below
Threat actors exploiting bug to install payloads like crypto miners
Bug allows attackers to execute commands as system users without authentication
CISA recommends patching by Sept 27 or discontinuing use of RocketMQ
Researcher Jacob Baines published details, says broker interface is insecure by design

bleepingcomputer.com

Relevant topic timeline:

9/11/2023

CISA Directs Federal Agencies to Patch iPhones Against Pegasus Spyware Exploiting iMessage Zero-Clicks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch security vulnerabilities used in a zero-click iMessage exploit chain that infected iPhones with NSO Group's Pegasus spyware.