Over 400 IP addresses abused the flaws.
There has been an increase in attacks on a dozen server-side request forgery vulnerabilities.
According to an investigation from GreyNoise, and published by The Hacker News, several SSRF flaws — the most severe of which are the critical ColumbiaSoft DocumentLocator, GitLab CE/EE, and Zimbra Collaboration Suite bugs — have been concurrently abused by over 400 IP addresses.
Also targeted were other security issues in VMware vCenter and VMware Workspace ONE UEM, Ivanti Connect Secure, DotNetNuke, OpenBMCS, and BerriAI LiteLLM, indicating threat actors' intent of conducting pre-compromise intelligence collection, automation, or structured exploitation, said GreyNoise researchers.
Organisations and other users have been urged to not only remediate vulnerable software but also restrict outbound connections and remain vigilant on atypical outbound requests.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
