Langflow RCE Exploited to Deploy Monero Miner on Exposed AI App Endpoints
Threat actors are actively exploiting CVE-2026-33017, a critical unauthenticated remote code execution vulnerability in Langflow (CVSS 9.3), to deploy a Monero cryptocurrency…
Threat actors are actively exploiting CVE-2026-33017, a critical unauthenticated remote code execution vulnerability in Langflow (CVSS 9.3), to deploy a Monero cryptocurrency…
Kinsing is a threat group known for cryptojacking operations, often deploying cryptocurrency miners on compromised systems. In this campaign, the Lambsys malware…
WatchDog is a threat group involved in cryptojacking, deploying miners on vulnerable systems. The Lambsys malware actively terminates WatchDog processes to maintain…
Rocke is a threat group associated with cryptocurrency mining malware. The Lambsys malware kills Rocke miner processes as part of its anti-competition…
Outlaw is a threat group known for cryptojacking activities. The Lambsys malware terminates Outlaw miner processes to eliminate rival operations.
Lambsys is a Go-based ELF executable used in cryptojacking campaigns targeting Langflow vulnerabilities. It terminates rival miners, disables security controls, establishes persistence,…
XMRig is an open-source Monero cryptocurrency miner commonly used in cryptojacking campaigns. In this attack, a bespoke XMRig miner is deployed by…
Langflow is an AI application development platform that has been targeted by threat actors exploiting critical RCE vulnerabilities (CVE-2026-33017, CVE-2025-3248) to deploy…