VulnHub

Real-time Cybersecurity News

Majority of Internet-Accessible REDCap Servers Outdated

SecurityWeek
Actively Exploited
ExploitVulnerabilityUpdateData Breach

Overview

A recent analysis has revealed that a majority of REDCap servers accessible via the internet are outdated and vulnerable. These servers, which are widely used in research and healthcare for data collection, are currently being targeted by a hacking group linked to China, known as UNC6508. Researchers found that these attackers use these vulnerabilities for initial access and to deploy backdoors, making it easier for them to exploit the systems further. The situation raises serious concerns for organizations relying on REDCap for sensitive data management, as outdated servers can lead to data breaches and compromise patient confidentiality. It's crucial for administrators to update their systems to defend against these ongoing attacks.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: REDCap servers, particularly those accessible over the internet
  • Action Required: Organizations using REDCap should immediately check for updates and apply patches to their servers to mitigate vulnerabilities.
  • Timeline: Newly disclosed

Original Article Summary

These servers are regularly targeted by China-linked UNC6508 for initial access and backdoor deployment. The post Majority of Internet-Accessible REDCap Servers Outdated appeared first on SecurityWeek.

Impact

REDCap servers, particularly those accessible over the internet

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Organizations using REDCap should immediately check for updates and apply patches to their servers to mitigate vulnerabilities. Regular maintenance and security assessments are recommended.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Exploit, Vulnerability, Update, and 1 more.

Read Original Article

Related Coverage

New Prinz Eugen ransomware prioritizes recent files for encryption

BleepingComputer

A new ransomware strain called 'Prinz Eugen' has emerged, targeting recently modified files for encryption while notably avoiding the use of a ransom note on the infected systems. This approach may confuse victims, as they might not realize they've been attacked until it's too late. The ransomware's focus on recent files could affect businesses and individuals who regularly update their documents and data, making recovery more complicated. Users are urged to maintain regular backups and enhance their cybersecurity measures to protect against this evolving threat. The absence of a ransom note also raises questions about the attackers' intentions and future tactics.

Jun 20, 2026

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

The Hacker News

Hackers are taking advantage of a recently patched vulnerability in the Gravity SMTP plugin for WordPress, which is used on around 100,000 websites. This security flaw, identified as CVE-2026-4020, allows attackers without authentication to access sensitive information, including API keys and OAuth tokens. The vulnerability has a medium severity score of 5.3, but the potential exposure of critical data makes it a significant concern for site administrators. Users of the Gravity SMTP plugin need to ensure they update to the latest version to protect their sites from these attacks. The urgency of addressing this issue is heightened by the fact that the vulnerability is currently being exploited in the wild.

Jun 20, 2026

Hackers exploit info disclosure bug in Gravity SMTP WordPress plugin

BleepingComputer

Hackers are taking advantage of an unauthenticated information disclosure vulnerability in the Gravity SMTP plugin for WordPress, which is installed on around 100,000 websites. This vulnerability allows attackers to access sensitive information without needing to log in, potentially exposing user data and other critical site details. The flaw poses a serious risk to website owners and their users, as it could lead to further attacks or data breaches. Website administrators are urged to assess whether they are using this plugin and to take necessary actions to secure their sites. Ignoring this issue could leave users’ information vulnerable and put the integrity of the websites at risk.

Jun 19, 2026

Meteor 3.0 Migration Helped Rocket.Chat Move Off End-of-Life Node.js Runtime

Hackread – Cybersecurity News, Data Breaches, AI and More

Rocket.Chat has successfully migrated from Node.js 14 to Node.js 20, thanks to the release of Meteor 3.0. This upgrade is significant as it addresses the removal of Fibers, which had been a source of runtime debt. By moving to a more current version of Node.js, Rocket.Chat aims to minimize supply-chain risks, especially for its federal users who depend on secure and up-to-date software. This change not only enhances the performance of Rocket.Chat but also aligns it with modern security standards, making it less vulnerable to potential exploits associated with outdated runtimes. Overall, this migration reflects a proactive step toward improving software security and reliability.

Jun 19, 2026

Texas govt data breach exposes over 3 million driver’s licenses

BleepingComputer

The Texas Parks and Wildlife Department (TPWD) has reported a significant data breach involving its license system vendor. This incident has compromised the personal information of over three million individuals, including details related to driver’s licenses. The breach raises concerns about identity theft and privacy for those affected, as their sensitive information may be exposed to malicious actors. The TPWD's announcement emphasizes the need for vigilance among residents, encouraging them to monitor their accounts for any signs of fraud. This incident highlights the ongoing risks associated with third-party vendors managing sensitive data, underscoring the importance of robust security measures in protecting personal information.

Jun 19, 2026

eFAQ Publishes Investigation Into Alleged Scam Activity and Coordinated Reputation Attacks

Hackread – Cybersecurity News, Data Breaches, AI and More

eFAQ has released an investigation into alleged scam activities linked to coordinated reputation attacks targeting various individuals and organizations. The report outlines how these scams operate, often involving misinformation and fraudulent communications designed to damage reputations and mislead potential victims. Those affected include both individuals and businesses that have been wrongly accused or misrepresented in online platforms, leading to significant reputational harm. This incident highlights the growing concern around online scams and the need for vigilance among users and companies alike. Understanding these tactics is crucial for protecting personal and organizational integrity in the digital landscape.

Jun 19, 2026