XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells


Threat actors, including the XE Group, have been exploiting multiple vulnerabilities in software like Progress Telerik UI and Advantive VeraCore to deploy web shells and maintain persistent access. XE Group, a Vietnamese-origin cybercrime group active since 2010, has shifted from credit card skimming to targeted supply chain attacks. Notably, CVE-2024-57968 (CVSS 9.9) and CVE-2025-25181 (CVSS 5.8) have been used to drop ASPXSpy web shells, execute SQL queries, and exfiltrate data. Meanwhile, CISA has added five actively exploited vulnerabilities, including CVE-2025-0411 and CVE-2024-21413, to its Known Exploited Vulnerabilities catalog, with federal agencies required to patch them by February 27, 2025. These attacks highlight the importance of timely patching and threat monitoring.
