Updated
Updated · The Hacker News · May 5
Threat actors exploit MetInfo CMS flaw for remote code execution
Updated
Updated · The Hacker News · May 5

Threat actors exploit MetInfo CMS flaw for remote code execution

13 articles · Updated · The Hacker News · May 5
  • VulnCheck said attacks surged on 1 May, targeting China and Hong Kong after earlier limited activity hit honeypots in the US and Singapore.
  • The critical CVE-2026-29014 bug, scored 9.8, affects MetInfo 7.9, 8.0 and 8.1 and can let unauthenticated attackers run arbitrary PHP code and seize servers.
  • MetInfo released patches on 7 April; exploitation began by 25 April. About 2,000 internet-exposed instances exist, mostly in China, and non-Windows attacks require a pre-existing WeChat plugin cache directory.
As the world's top vulnerability database steps back, who will guide businesses through the escalating storm of cyber threats?
When state-backed hackers exploit a domestic technology to attack targets at home, what does it reveal about their true mission?
With AI-powered attacks shrinking exploit times to hours, is the era of manual cybersecurity patching officially over?

Related Stories

The Hacker NewsMay 5
scworld.comMay 5
wallarm.comMay 5
cyfirmaMay 5
zscaler.comMay 5
InstagramMay 5
FacebookMay 5
websec.netMay 5
cybereason.comMay 5
armis.comMay 5
fidelissecurity.comMay 5
volexity.comMay 5
SentinelOneMay 5