Summary: GreyNoise has reported a significant increase in the exploitation of Server-Side Request Forgery (SSRF) vulnerabilities, with over 400 IP addresses involved in simultaneous attacks across various platforms. Notable countries affected include the United States, Germany, and Israel, with a pattern of coordinated and automated exploitation observed. It is crucial for organizations to implement safety measures such as applying patches and monitoring for suspicious activity to mitigate these threats.
Affected: Organizations using cloud services and web applications vulnerable to SSRF
Keypoints :
- Over 400 IPs exploiting multiple SSRF CVEs, indicating a coordinated attack effort.
- Countries targeted include the US, Germany, Singapore, India, Lithuania, Japan, and Israel.
- Attacks suggest automation or structured exploitation methods, not focused on single vulnerabilities.
- Essential for users to apply patches, limit outbound connections, and monitor traffic.
- Exploited SSRF can access internal metadata APIs, helping attackers map networks and steal credentials.
Source: https://thehackernews.com/2025/03/over-400-ips-exploiting-multiple-ssrf.html