This article describes Alibaba Cloud Security's discovery of the web shell vulnerability in phpCMS 2008 content management system, still in use to manage many websites today.
In this article, we will look at a new QBot family variant discovered by Alibaba Cloud Security team, known as 'QBotVariant'.
The Alibaba Cloud Security team has discovered a novel attack, dubbed DockerKiller, on Docker services exposed to the web.
Alibaba Cloud security team detected the first batch mining attack exploiting the PROGRAM feature of PostgreSQL, an open source database popular in cloud deployments.
This article describes the discovery of the first "in-the-wild" Spark Rest API Remote Code Execution (RCE) vulnerability made by Fengwei Zhang and the team at Alibaba Cloud Security on July 7, 2018.