A security researcher revealed a vulnerability in Apache Struts, a piece of enterprise software, last week. The vulnerability in question is tracked as CVE-2018-11776, a remote code execution flaw that allows an attacker to gain control over Struts-based web applications. The flaw is of interest to everyone, mainly because Struts is used by some of the world’s largest companies, including Equifax, which suffered a major data breach last year because of a Struts flaw. Attackers are using the vulnerability to infect servers infecting servers with coinminersminers.
Source: https://www.bleepingcomputer.com/news/security/active-attacks-detected-using-apache-struts-vulnerability-cve-2018-11776/