HawkTrace

New cPanel IOC http://180[.]93[.]243[.]75:8080 http://45[.]140[.]164[.]151:8080/IXhwpJOUk4/blue.drx http://180[.]93[.]243[.]75:8080/ovh http://68[.]183[.]190[.]253/fav.ico|sh https://raw[.]githubusercontent[.]com/nezhahq/scripts/main/agent/install.sh #cpanel #ioc #malware

Following the disclosure of the cPanel vulnerability CVE-2026-41940, threat actors wasted no time. Read our full breakdown to see exactly what they did once they were inside. hawktrace.com/blog/cpanel/

IbWebAdmin Unauthenticated Remote Code Execution !!! hawktrace.com/blog/ibwebadmi… #ibwebadmin #hawktrace #rce #unauth

CVE-2025-60021 Apache bRPC - Remote Command Injection JeControlProfile Controller > uri_extra_options > cmd_str *uri_extra_options > read_command_output > read_command_output_through_popen > popen openwall.com/lists/oss-secu… nvd.nist.gov/vuln/detail/CV… #hawktrace #cve-2025-60021 #apache #brpc

RT @int20z: Looks like the wrong cve analysis is just below😭😭 Maybe CVE-2025-59287 hawktrace.com/blog/CVE-2025-…

CVE-2025-59287 WSUS Remote Code Execution hawktrace.com/blog/CVE-2025-… #infosec #wsus #cve-2025-59287

Details on the critical RCE vulnerability we discovered in Microsoft Web Deploy CVE-2025-53772. hawktrace.com/blog/cve-2025-… #iiswebdeploy #infosec #webdeploy #iis #cve-2025-53772

CVE-2025-49704: This vulnerability arises from the implementation of the SurrogateSelector interface. CVE-2025-49706 authentication bypass, allows import/update operations on SharePoint WebPart components via the ToolPane endpoint. Accordingly, you can contact the @hawktrace

Against New Generation Threats, Innovative Defense Strategies. hawktrace.com #modernattack #hawktrace