Cybersecurity researchers have discovered a new campaign that exploits a known security flaw impacting Apache HTTP Server to deliver a cryptocurrency miner called Linuxsys.
The vulnerability in question is CVE-2021-41773 (CVSS score: 7.5), a high-severity path traversal vulnerability in Apache HTTP Server version 2.4.49 that could result in remote code execution.
"The attacker leverages compromised legitimate websites to distribute malware, enabling stealthy delivery and evasion of detection," VulnCheck's Jacob Baines said in a report shared with The Hacker News.
https://thehackernews.com/2025/07/hacke ... -flaw.html