216.73.217.80

Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks

· Published 09/12/2025 12:50 · Modified 21/12/2025 18:50

Export JSON

Essential information

Published
09/12/2025 12:50
Modified
21/12/2025 18:50
Tags
2025-12-09 CVE-2025-1610 CVE-2025-2611 CVE-2025-6389 botnet ddos frost ictbroadcast remote code execution sneeit framework trojan.karagany vulnerability exploitation wordpress xfrost
Related entities
4 vulnerabilities (cve), 6 observables, 9 techniques (mitre), 2 malware, 1 others

Description

A critical vulnerability () in the plugin is being actively exploited. The flaw allows unauthenticated attackers to execute code on the server, potentially creating malicious admin accounts or injecting backdoors. Wordfence has blocked over 131,000 attack attempts since November 24, 2025. Concurrently, a separate attack exploiting an vulnerability () is being used to spread the '' . This combines capabilities with spreader logic, including exploits for fifteen CVEs. The attacks appear to be part of a small, targeted operation, given the limited number of vulnerable internet-exposed systems.

External references