Summary: Threat actors, particularly the XE Group, have been exploiting multiple security flaws, including zero-day vulnerabilities, to establish remote access through web shells. These activities highlight a shift in their operational focus toward targeting supply chains in various sectors. Security experts stress the importance of patching systems, as older vulnerabilities continue to be actively exploited.
Affected: Progress, Advantive, manufacturing and distribution sectors
Key points:
- XE Group has transitioned from credit card skimming to targeted information theft, exploiting vulnerabilities in software.
- The group has utilized CVE-2024-57968 and CVE-2025-25181 to deploy ASPXSpy web shells for unauthorized system access.
- CISA added five new vulnerabilities to its Known Exploited Vulnerabilities catalog, emphasizing active threats to multiple sectors.
Source: https://thehackernews.com/2025/02/xe-hacker-group-exploits-veracore-zero.html