:

QINGLONG TASK SCHEDULER UNDER ATTACK FOR CRYPTOMINING

SECURITY DESK1 MIN READ
THU, MAY 21, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Hackers are actively exploiting authentication bypass vulnerabilities in Qinglong, an open-source task scheduling tool, to deploy cryptominers on developer servers. The attacks target two separate RCE flaws in the platform.

Qinglong, a popular task scheduler used by developers for automation, contains critical vulnerabilities allowing unauthenticated remote code execution. Threat actors are leveraging these flaws to gain server access and install cryptocurrency mining malware. The authentication bypass vulnerabilities enable attackers to execute arbitrary commands without valid credentials. Once compromised, affected servers become part of cryptomining botnets, consuming computational resources and increasing operational costs. Qinglong users should immediately update to the latest patched version. Organizations running the tool should audit server logs for suspicious activity and monitor CPU usage for signs of unauthorized mining operations. The vulnerability underscores ongoing risks in open-source infrastructure tools. Developers relying on Qinglong for production workloads should prioritize patching and implement network segmentation to limit exposure.

■ SOURCES

Bleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

Microsoft has released a patch for a zero-day vulnerability in Windows Defender that could allow attackers to exhaust hard disk space. The flaw was discovered and reported by security researcher NightmareEclipse.

8H AGOIndustry Desk

A software defect from 2006 triggered a cascading network failure that knocked out Telstra's national phone service Wednesday morning. The bug, related to daylight savings time processing, created a 'digital domino chain' that locked customers out across the country.

8H AGOIndustry Desk

The EU Parliament is advancing legislation that would require tech companies to scan for child sexual abuse material (CSAM), reviving a proposal rejected in March. End-to-end encrypted services like WhatsApp would be exempt from the requirements.

10H AGOIndustry Desk

Hackers compromised the Injective Labs SDK repository on GitHub and published a malicious package to npm that steals cryptocurrency wallet private keys and seed phrases from developers.

10H AGODev Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.