2025年10月初，网络安全领域面临一项重大威胁——Redis的Lua脚本引擎中存在严重的释放后重用漏洞RediShell被公开披露。 该漏洞被Wiz研究人员命名为"RediShell"（CVE-2025-49844），攻击者可利用此漏洞突破Lua沙箱限制，在受影响系统上实现主机级别的远程代码执行。

The worm, dubbed P2PInfect, works across platforms and is resistant to takedowns. It might be the first stage of a larger attack. Researchers have discovered a new worm that infects servers running ...

The Muhstik malware gang is now actively targeting and exploiting a Lua sandbox escape vulnerability in Redis after a proof-of-concept exploit was publicly released. The vulnerability is tracked as ...

Security firm Sysdig is warning about a critical security vulnerability in the widely used in-memory data store Redis. The flaw, tracked as CVE-2025-49844 and dubbed “RediShell” by security ...

Security research firm Wiz is strongly urging organisations to patch a very serious vulnerability in the Redis database that, if exploited, can grant attackers full access to host systems. Furthermore ...

Earlier this month, security researchers discovered a new peer-to-peer (P2P) malware with self-spreading capabilities that targets Redis instances running on Internet-exposed Windows and Linux systems ...

Earlier this month, researchers from Palo Alto’s Unit 42 discovered a peer-to-peer worm dubbed P2PInfect targeting Redis installations, an open-source database application used in cloud environments.

Note: Article updated on 7-20-23 to add a statement from Redis. Researchers have identified a cross-platform, Rust-based, peer-to-peer (P2) worm that's targeting the Redis open-source database ...