JSP webshells being dropped on unpatched PTC Windchill instances
Share
You are reading a summary. The full content is hosted on helpnetsecurity.com.
The US Cybersecurity and Infrastructure Security Agency (CISA) added a vulnerability (CVE-2026-12569) in Windchill and FlexPLM, two product lifecycle management software platforms developed by PTC, to its Known Exploited Vulnerabilities (KEV) catalog. Entries in the KEV catalog don’t contain links to reports of exploitation, but PTC’s advisory keeps getting updated with indicators of compromise and advice for defenders, confirming that attackers are dropping JSP webshells on vulnerable systems. CISA ordered US federal civilian government agencies … More → The post JSP webshells being dropped on unpatched PTC Windchill instances appeared first on Help Net Security.
External link to helpnetsecurity.com
Related Articles
cybersecurity
JadePuffer ransomware used AI agent to automate entire attack
cybersecurity
U.S. Government Entity Paid Kairos $1 Million in Data-Theft Extortion Case
cybersecurity
