Date: 2025-08-12
Vulnerability Management, OT Security, Threat Intelligence

Intrusions exploiting critical Erlang/OTP SSH RCE spike

Intrusions targeting the already patched maximum severity Erlang/Open Telecom Platform SSH vulnerability, tracked as CVE-2025-32433, have significantly increased in May, with operational technology firewalls targeted by almost 70% of the attacks, The Hacker News reports.

Healthcare, agriculture, media and entertainment, and technology organizations in the U.S., Canada, Brazil, India, and Australia have been subjected to over 85% of exploitation attempts by still unknown threat actors, who have sought to obtain remote network access via reverse shells, according to an analysis from Palo Alto Networks Unit 42 researchers. "This widespread exposure on industrial-specific ports indicates a significant global attack surface across OT networks. Analysis of affected industries demonstrates variance in the attacks," said researchers. Such a development comes two months after the flaw, which could be leveraged to facilitate arbitrary code execution on targeted systems without the need for credentials, was added to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog.

