Attackers are leveraging two recently discovered authentication bypass vulnerabilities in the Qinglong task scheduler to gain unauthorized access and install cryptomining malware on compromised systems. The Qinglong tool, an open-source task scheduling platform, is widely used by developers to manage and automate tasks on their servers. By exploiting these vulnerabilities, hackers can bypass authentication mechanisms and remotely execute code, allowing them to deploy cryptominers and harness the computing power of infected systems for illicit cryptocurrency mining operations1. The vulnerabilities in question can be exploited to gain control of systems, highlighting the importance of prompt patching and security updates. This exploitation underscores the need for developers to prioritize security and keep their systems up-to-date to prevent such attacks. So what matters to practitioners is that staying informed about emerging vulnerabilities, such as those in Qinglong, is crucial to maintaining the security of their systems and preventing cryptomining attacks.