ShadowSyndicate hackers have been exploiting a directory traversal vulnerability (CVE-2024-23334) in aiohttp versions before 3.9.2, a popular asynchronous HTTP framework, allowing remote attackers to access sensitive files
This vulnerability affects over 43,000 internet-exposed instances, and a proof of concept was publicly released, leading to rapid exploitation attempts by threat actors. CGSI detected ongoing scanning activities targeting vulnerable systems, emphasizing the importance of patching to mitigate this critical flaw. ShadowSyndicate, linked to LockBit ransomware and various ransomware attacks, has been identified as a RaaS affiliate actively exploiting the aiohttp vulnerability. IPs associated with exploitation attempts, like 81.19.136.251 and others, should be further investigated for potential malicious activities. https://cybersecuritynews.com/shadow-syndicate-aiohttp-vulnerability-data-theft/