Hackers Exploit Apache HTTP Server Flaw to Deploy Linuxsys Cryptocurrency Miner


Cybersecurity researchers have uncovered a campaign that exploits an old Apache HTTP Server flaw (CVE-2021-41773) to deploy the Linuxsys cryptocurrency miner, using compromised legitimate sites to evade detection. The malware is delivered via shell scripts that ensure persistence; these have also been linked to past vulnerabilities in other platforms such as Atlassian, Metabase, and Palo Alto Networks. The attacks show signs of long-term planning and avoid easy detection. Additionally, a related campaign using the H2Miner botnet delivers Kinsing malware, the XMRig miner, and a weak AI-generated ransomware strain called Lcrypt0rx. Meanwhile, Kaspersky reported a separate espionage-focused backdoor, GhostContainer, targeting Exchange Servers in Asia.
