VulnHub

Real-time Cybersecurity News

Exposed training apps are showing up in active cloud attacks

Help Net Security
Actively Exploited

Overview

Recent research by Pentera has revealed that training applications, designed to teach secure coding and provide hands-on practice, are being left exposed on the public internet. These applications, including OWASP Juice Shop and Damn Vulnerable Web Application, are often used for demos and internal testing. Unfortunately, security teams may not realize that these intentionally vulnerable environments are actively being exploited by attackers. This situation poses a significant risk, as it allows malicious actors to gain access to sensitive information or launch further attacks from these platforms. Organizations using such training tools need to ensure they are properly secured to prevent unauthorized access.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: OWASP Juice Shop, Damn Vulnerable Web Application, Hackazon
  • Action Required: Organizations should take immediate steps to secure training applications by restricting access to internal networks, implementing strong authentication measures, and regularly monitoring for any unauthorized access.
  • Timeline: Newly disclosed

Original Article Summary

Security teams often spin up vulnerable applications for demos, training, or internal testing. A recent Pentera research report documents how those environments are being left exposed on the public internet and actively exploited. The research focuses on intentionally vulnerable apps such as OWASP Juice Shop, Damn Vulnerable Web Application, Hackazon, and similar projects. These tools are commonly deployed to teach secure coding, support product demonstrations, or give red and blue teams hands-on practice. According to … More → The post Exposed training apps are showing up in active cloud attacks appeared first on Help Net Security.

Impact

OWASP Juice Shop, Damn Vulnerable Web Application, Hackazon

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Organizations should take immediate steps to secure training applications by restricting access to internal networks, implementing strong authentication measures, and regularly monitoring for any unauthorized access. Additionally, teams should ensure that these applications are not exposed to the public internet unless necessary and that they are updated to the latest versions with all security patches applied.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Read Original Article

Related Coverage

One threat actor responsible for 83% of recent Ivanti RCE attacks

BleepingComputer

Recent threat intelligence reports indicate that a single threat actor is behind the majority of attacks exploiting two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), identified as CVE-2026-21962 and CVE-2026-24061. These vulnerabilities allow for remote code execution, posing significant risks to organizations using this mobile management solution. The findings suggest that companies using Ivanti's software need to be vigilant, as the attacks are actively occurring. The focus on a single actor highlights the need for targeted defenses against this specific threat. Organizations are encouraged to monitor for unusual activity and apply any available patches to mitigate potential exploitation.

Feb 14, 2026

Snail mail letters target Trezor and Ledger users in crypto-theft attacks

BleepingComputer

Attackers are targeting users of cryptocurrency hardware wallets Trezor and Ledger by sending fake physical letters that appear to be from these companies. These letters aim to deceive users into revealing their recovery phrases, which can be used to steal their cryptocurrencies. This tactic exploits the trust users have in these well-known wallet providers and could lead to significant financial losses for those who fall for the scam. It’s crucial for users to be cautious and verify any communications they receive, especially when it comes to sensitive information like recovery phrases. The rise of such scams underscores the need for increased awareness and education around cryptocurrency security.

Feb 14, 2026

Suspected Russian hackers deploy CANFAIL malware against Ukraine

Security Affairs

A newly identified hacking group, suspected to be linked to Russian intelligence, has launched attacks against various Ukrainian sectors, including defense, government, and energy. This group is using a malware called CANFAIL, which was uncovered by researchers from Google Threat Intelligence Group. The targeting of critical infrastructure and military entities raises significant concerns about national security and the ongoing conflict in the region. As these attacks could disrupt essential services and information systems, the situation highlights the need for enhanced cybersecurity measures among the affected organizations. This incident is part of a broader pattern of cyber warfare tactics being employed against Ukraine.

Feb 14, 2026

Fake job recruiters hide malware in developer coding challenges

BleepingComputer

North Korean hackers are running a fake recruiter scheme aimed at JavaScript and Python developers, using enticing cryptocurrency-related coding challenges to lure victims. These challenges often contain hidden malware designed to compromise the developers' systems. This tactic exploits the growing interest in cryptocurrency and the remote job market, making it especially appealing to tech professionals looking for work. Developers who engage with these fake opportunities risk not only their personal data but also their work environments, as the malware can lead to further security breaches. Awareness of these scams is crucial for developers to protect themselves from potential attacks.

Feb 13, 2026

Disney settles California privacy violations with $2.75M penalty

SCM feed for Latest

Disney has agreed to a settlement of $2.75 million to address violations of the California Consumer Privacy Act. The issues arose from the company's inadequate measures to allow customers to opt out of data sharing. This settlement underscores the importance of compliance with privacy laws, particularly as consumer data protection becomes a growing concern. Affected consumers include those who interacted with Disney's online services, as their data may have been shared without proper opt-out mechanisms. The case serves as a reminder for companies to prioritize transparency and user control over personal information.

Feb 13, 2026

Qilin attack-related breach confirmed by Conpet

SCM feed for Latest

Conpet, Romania's national oil pipeline operator, has confirmed that its data was compromised due to a Qilin ransomware attack that targeted its IT infrastructure last week. This incident raises concerns about the security of critical infrastructure, as ransomware attacks can disrupt essential services and lead to significant operational challenges. While specific details about the type of data compromised haven't been disclosed, the breach highlights the ongoing risks that organizations in crucial sectors face from sophisticated cybercriminals. The attack underscores the need for robust security measures in protecting vital systems against ransomware threats. Stakeholders in the energy sector should take note and review their security protocols to prevent similar incidents.

Feb 13, 2026