Scammers take to GitHub to hoodwink other cybercriminals

Cybersecurity researchers have discovered multiple GitHub accounts selling fake proof-of-work concept exploits for the latest zero-day vulnerabilities discovered in Microsoft Exchange.

The warning follows the discovery of two new zero-day vulnerabilities in Microsoft Exchange: CVE-2022-41040 and CVE-2022-41082. These are a server-side request forgery (SSRF) flaw, and remote code execution (RCE) flaw, with both said to be being used by threat actors in the wild.


Leave a Comment