Analyzing Software Vulnerabilities and Exploitation Methods

SSH authorized_keys File
One of the most common techniques used by many bots is to add rogue keys to the authorized_keys file, implementing an SSH backdoor. Managing these files and detecting unauthorized changes is not hard and should be done if you operate Unix systems.
https://isc.sans.edu/diary/Securing%20Your%20SSH%20authorized_keys%20File/31986
REMOTE COMMAND EXECUTION ON SMARTBEDDED METEOBRIDGE (CVE-2025-4008)
Weatherstation software Meteobridge suffers from an easily exploitable unauthenticated remote code execution vulnerability
https://www.onekey.com/resource/security-advisory-remote-command-execution-on-smartbedded-meteobridge-cve-2025-4008
https://forum.meteohub.de/viewtopic.php?t=18687
Manageengine ADAuditPlus SQL Injection
Zoho patched two SQL Injection vulnerabilities in its ManageEngine ADAuditPlus product
https://www.manageengine.com/products/active-directory-audit/cve-2025-41407.html
https://www.manageengine.com/products/active-directory-audit/cve-2025-36527.html
Dero Miner Infects Containers through Docker API
Kaspersky found yet another botnet infecting docker containers to spread crypto coin miners. The initial access happens via exposed docker APIs.
https://securelist.com/dero-miner-infects-containers-through-docker-api/116546/