Recurring Server Compromise Enabled by Legacy Infrastructure (CentOS 6)

Scenario

One of our clients received an abuse alert from the hosting provider regarding sustained, excessive CPU usage on a server within our infrastructure. The usage patterns were consistent with post-exploitation activity, specifically resource abuse for cryptomining and lateral network scanning. The provider indicated the server was compromised via an unpatched cPanel/WHM installation (CVE-2026-41940), a […]
Client File Transfer Protocol (FTP) Compromise and Phishing Kit Deployment

Scenario

During our regular monitoring, we discovered that a domain hosted on a client’s server was compromised. Attackers created a deep, hidden directory within the site’s file structure to host a fraudulent financial login page. This infrastructure hijacking was used to deploy a phishing kit targeting financial services. By nesting this malicious page within a […]