A critical-severity remote code execution flaw in RocketMQ servers is used by a new variant of the DreamBus botnet malware to infect targets.
The exploitable weakness, identified as CVE-2023-33246, affects RocketMQ versions 5.1.0 and earlier and affects permission verification. Under some circumstances, it enables attackers to execute commands remotely.
Researchers at Juniper Threat Labs discovered the recent DreamBus assaults that took advantage of the vulnerability and noted a spike in activity around mid-June 2023 read more DreamBus malware exploits RocketMQ flaw to infect servers.
Stay informed with the best cybersecurity news and raise your cybersecurity awareness with our comprehensive coverage of the latest threats, breaches, and solutions.