cybersecurity

JSP webshells being dropped on unpatched PTC Windchill instances

Source: helpnetsecurity.com 1 min read

Share

JSP webshells being dropped on unpatched PTC Windchill instances

You are reading a summary. The full content is hosted on helpnetsecurity.com.

The US Cybersecurity and Infrastructure Security Agency (CISA) added a vulnerability (CVE-2026-12569) in Windchill and FlexPLM, two product lifecycle management software platforms developed by PTC, to its Known Exploited Vulnerabilities (KEV) catalog. Entries in the KEV catalog don’t contain links to reports of exploitation, but PTC’s advisory keeps getting updated with indicators of compromise and advice for defenders, confirming that attackers are dropping JSP webshells on vulnerable systems. CISA ordered US federal civilian government agencies … More → The post JSP webshells being dropped on unpatched PTC Windchill instances appeared first on Help Net Security.

Read the full article on the original website

External link to helpnetsecurity.com

Related Articles