RCE

Researchers Find More Than 30 Flaws in AI Coding Tools Allowing Data Theft and RCE Attacks

Security analysts have uncovered more than 30 vulnerabilities across several artificial intelligence powered Integrated Development Environments that blend prompt injection weaknesses with trusted development features. These issues enable information theft and remote code execution. The combined flaws have been named IDEsaster by security researcher Ari Marzouk, also known as MaccariTA. The findings affect a wide […]

Researchers Find More Than 30 Flaws in AI Coding Tools Allowing Data Theft and RCE Attacks Read More »

Bloody Wolf expands Java based NetSupport RAT attacks in Kyrgyzstan and Uzbekistan

A growing cyber espionage campaign linked to the threat group known as Bloody Wolf has widened its reach in Central Asia as the attackers continue delivering the NetSupport RAT through deceptive Java based loaders. The campaign, which initially focused on Kyrgyzstan in June 2025, has expanded to include Uzbekistan by October 2025, according to Group

Bloody Wolf expands Java based NetSupport RAT attacks in Kyrgyzstan and Uzbekistan Read More »

New Fluent Bit Vulnerabilities Expose Cloud Systems to RCE and Stealthy Infrastructure Intrusions

Cybersecurity analysts have identified five significant vulnerabilities in Fluent Bit, a widely used open source telemetry agent. These flaws can be combined to compromise cloud environments and potentially give attackers full control over infrastructure. Oligo Security shared the findings, noting that the weaknesses allow authentication bypass, path traversal, remote code execution, service disruption, and tag

New Fluent Bit Vulnerabilities Expose Cloud Systems to RCE and Stealthy Infrastructure Intrusions Read More »

Vulnerability in Chrome V8 JavaScript Engine Enables Remote Code Execution

Google has issued an emergency security update to fix a high-severity flaw in the V8 JavaScript engine used by the Chrome browser. The patch was released quickly to prevent potential remote code execution (RCE) attacks that could compromise user devices. Discovery of the Vulnerability The flaw, identified as CVE-2025-12036, originates from an improper implementation inside

Vulnerability in Chrome V8 JavaScript Engine Enables Remote Code Execution Read More »

Critical Veeam Backup RCE Flaws Allow Remote Execution of Malicious Code

Veeam has issued an urgent security update to fix several critical remote code execution (RCE) vulnerabilities affecting Veeam Backup & Replication version 12. These flaws could let authenticated domain users execute malicious code on backup servers and infrastructure hosts, posing a severe threat to organizations. Two of the most dangerous vulnerabilities specifically impact domain-joined installations

Critical Veeam Backup RCE Flaws Allow Remote Execution of Malicious Code Read More »

Windows Remote Desktop Client Flaw Enables Remote Code Execution

Microsoft has addressed a critical security flaw in the Windows Remote Desktop Client that could allow attackers to execute arbitrary code on a user’s system. The issue, identified as CVE-2025-58718, was disclosed on October 14, 2025, and rated as Important in severity. Although no active exploitation has been reported, cybersecurity researchers warn that the flaw

Windows Remote Desktop Client Flaw Enables Remote Code Execution Read More »

CrowdStrike Falcon Windows Sensor Vulnerability Allows Remote Code Execution, File Deletion on Host

CrowdStrike has disclosed two medium-severity vulnerabilities in its Falcon sensor for Windows that could allow attackers, who already have code execution capabilities on a system, to delete arbitrary files. These flaws have been patched in the latest sensor versions, and no evidence of active exploitation has been found so far. Details of the Vulnerabilities The

CrowdStrike Falcon Windows Sensor Vulnerability Allows Remote Code Execution, File Deletion on Host Read More »

Proof of Concept Exploit Released for Nothing Phone Remote Code Execution Vulnerability

A proof of concept exploit, called Fenrir and published by researcher R0rt1z2, has been released for a critical weakness in the secure boot chain used by the Nothing Phone (2a) and CMF Phone 1, and likely present in other devices using MediaTek system on chips. The exploit lets an attacker run code at the highest

Proof of Concept Exploit Released for Nothing Phone Remote Code Execution Vulnerability Read More »

Critical Figma MCP Flaw Allows Remote Code Execution, Users Urged to Patch Immediately

A serious security flaw has been discovered in the figma-developer-mcp (Model Context Protocol) server, which could allow attackers to execute arbitrary code remotely. Although the issue has now been patched, experts are warning users to update immediately to prevent exploitation. Details of the Vulnerability The vulnerability, tracked as CVE-2025-53967 with a CVSS score of 7.5,

Critical Figma MCP Flaw Allows Remote Code Execution, Users Urged to Patch Immediately Read More »

13-Year-Old Critical Redis RCE Flaw Allowed Attackers Full Host Access

A newly uncovered remote code execution (RCE) flaw in Redis, known as RediShell, has revealed that attackers could gain complete control over the host system. The issue, tracked as CVE-2025-49844, was discovered by Wiz Research and carries the maximum CVSS score of 10.0, placing it among the most critical security threats identified to date. The

13-Year-Old Critical Redis RCE Flaw Allowed Attackers Full Host Access Read More »