TTPwire Vol. 1 · MITRE ATT&CK·Tagged

F5 Labs

Campaign Targets Amazon EC2 Instance Metadata via SSRF

2025-04-08

ATT&CK techniques detected

7 predictions
T1190 Exploit Public-Facing Application
98%
“php to the latest versions, or even more ideally switch from php in cgi mode to php-fpm (fastcgi process manager). 2 it is understood that doing so will mitigate this class of exploitation. cve-2019-9082, a vulnerability in thinkphp, has seen a resurgence in activity. thi…”
T1190 Exploit Public-Facing Application
94%
“exploitation technique exploitation for this campaign is a combination of cwe-200: exposure of sensitive information to an unauthorized actor6, and cwe-918: server-side request forgery (ssrf) 7. the technique is relatively straightforward. we observed get requests like …”
T1190 Exploit Public-Facing Application
93%
“but we detected a huge increase in scanning for cve-2017-9841 beginning in may 2024. while activity dropped off again a few months later, it appears that threat actors have commenced a new campaign with scanning activity almost reaching the levels we saw last year. organizati…”
T1552.005 Cloud Instance Metadata API
71%
“this exploit. campaign timeline during march 2025 we observed a four-day flurry of activity attempts to compromise ec2 instance metadata being inadvertently exposed by web sites through server-side request forgery (ssrf). 4 ec2 instance metadata is a feature provided by aws…”
T1190 Exploit Public-Facing Application
66%
“campaign targets amazon ec2 instance metadata via ssrf the sensor intel series is created in partnership with efflux, who maintains a globally distributed network of sensors from which we derive attack telemetry. additional insights and contributions provided by the f5 threat cam…”
T1588.006 Vulnerabilities
43%
“march data (see the logarithm scale plots in figure 3). cve-2019-9082 has shown a steady increase in activity, maintaining its breakaway from its previous downward trend. cve-2024-4577 continues its upward trends. cve-2022-47945 also maintains its new trend in susta…”
T1525 Implant Internal Image
41%
“. exploitation impact readers will be forgiven if the impact of the vulnerability and exposure combined is not apparent. ec2 instance metadata, imdsv18 in this case, commonly exposes sensitive data such as valid aws credentials to the ec2 instance via hxxp://169.254.169.25…”

Summary

Discover the latest CVE trends and a new campaign targeting websites hosted in EC2 instances on AWS.