The threat actor known as Mimo (or Mimo’lette) has expanded its intrusion operations from Craft CMS to the Magento ecommerce platform, Docker environments, and cloud instances. Mimo exploits PHP-FPM vulnerabilities in Magento to gain initial access, establishes persistence usi...

Between February and May 2025, the intrusion set known as Mimo exploited CVE-2025-32432, a critical unauthenticated RCE in Craft CMS, to deploy a multi-stage infection chain observed via honeypots. The attack began by injecting a PHP webshell through a crafted GET request, fol...

On 2024-01-18, a campaign was reported involving the Mimo operator, gaining initial access via a 1-day vulnerability and targeting VMware Horizon, Confluence Server, WSO2, Apache ActiveMQ, and PaperCut to achieve resource hijacking and RansomOp. The following tools were observed: Mimo, NHAS reverse_ssh, XMRig, Mimus, Peer2Profit.

| CVE ID |
|---|
| CVE-2025-32432 |