Attackers are actively exploiting two critical vulnerabilities in enterprise software widely used in China. The first flaw in MetInfo, a content management system, allows remote code execution through unauthenticated PHP code injection, with exploitation surging over the weekend primarily targeting servers in Singapore. Separately, threat actors are exploiting a vulnerability in Weaver E-cology, an office automation platform, using exposed debug functionality as a persistent shell to execute arbitrary commands without needing authentication.