In the last week of September 2021, Juniper Threat Labs detected a new activity from Necro Python (a.k.a N3Cr0m0rPh , Freakout, Python.IRCBot) that is actively exploiting some services, including a
![CVE-2021-22005: VMware vCenter Analytics Service Arbitrary File Upload Vulnerability](https://blogs.juniper.net/wp-content/uploads/2021/10/SEC-210513_DIGITAL_Threat-Labs-blog-VMware-vCenter-Server.gif)
VMware vCenter server is a centralised management utility used for managing multiple ESXi hosts, virtual machines and all their dependent components. An arbitrary file upload vulnerability has recently been discovered in the Analytics
![Muhstik Botnet Targeting Confluence Servers with CVE-2021-26084](https://blogs.juniper.net/wp-content/uploads/2021/09/cover1.png)
Juniper Threat Labs is seeing an on-going attack targeting Confluence servers. On August 25, Atlassian, the company behind Confluence, disclosed the vulnerability CVE-2021-26084. A few days after that, several
![Aggah Malware Campaign Expands to Zendesk and GitHub to Host Its Malware](https://blogs.juniper.net/wp-content/uploads/2021/08/Aggah-threat.gif)
Juniper Threat Labs has detected a new development in the Aggah malware campaign. Previously, Aggah was known to be using legitimate infrastructures like BlogSpot, WordPress and Pastebin to host its
![Attacks Continue Against Realtek Vulnerabilities](https://blogs.juniper.net/wp-content/uploads/2021/09/Threat-Labs-blogs-CVE-2021-35395.gif)
As we predicted in last week’s post, threat actors continue to utilize new Realtek vulnerabilities disclosed by IoT Inspector Research Lab to distribute malware. Starting on August 19th, Juniper Threat
![RealTek CVE-2021-35394 Exploited in the Wild](https://blogs.juniper.net/wp-content/uploads/2021/08/Blog_ORF_IOT.gif)
Juniper Threat Labs has detected that the threat actors that we recently observed exploiting CVE-2021-20090 are now actively exploiting CVE-2021-35394, a vulnerability disclosed last week by IoT Inspector Research Lab.
![Freshly Disclosed Vulnerability CVE-2021-20090 Exploited in the Wild](https://blogs.juniper.net/wp-content/uploads/2021/08/JTL-FreshVulnExploit.png)
Juniper Threat Labs continuously monitors in-the-wild network traffic for malicious activity. Today, we have discovered an active exploitation of a vulnerability that was disclosed just 2 days ago. CVE-2021-20090 is a vulnerability that was discovered by
![Linux Servers Hijacked to Implant SSH Backdoor](https://blogs.juniper.net/wp-content/uploads/2021/04/210226_DIGITAL_ControlWebPanelThreatLabs-v1.png)
On February 1st, Juniper Threat Labs observed an attack that attempted to inject malicious code into Secure Shell (SSH) servers on Linux. The attack begins with an exploit against the
![CVE-2021-21972: VMware vCenter Unauthorized Remote Code Execution](https://blogs.juniper.net/wp-content/uploads/2021/04/210203_DIGITAL_ThreatLabsVMwarevCenterUnauthorizedRemoteCodeExecution-v1a.png)
VMware vCenter Server is the centralized server management software for VMware, and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location.
![Sysrv Botnet Expands and Gains Persistence](https://blogs.juniper.net/wp-content/uploads/2021/04/sysrv2.jpg)
On March 4, 2021, Juniper Threat Labs identified a surge of activity of the Sysrv botnet. The botnet spread itself into Windows and Linux systems by exploiting multiple vulnerabilities, which