XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells

The XE Group, a cybercrime group likely of Vietnamese origin, is exploiting vulnerabilities in Advantive VeraCore and Progress Telerik UI for ASP.NET AJAX to deploy web shells and maintain persistent remote access to compromised systems. This marks the first time the group has been attributed to zero-day exploitation, indicating an increase in sophistication. CISA added five security flaws to its KEV catalog, including CVE-2025-0411, which is being exploited by Russian cybercrime outfits to distribute malware.