RCE

CISA Adds Actively Exploited Sierra Wireless Router Flaw Allowing RCE Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high severity flaw affecting Sierra Wireless AirLink ALEOS routers to its Known Exploited Vulnerabilities (KEV) catalog after reports of active exploitation. The vulnerability, tracked as CVE-2018-4063, allows remote code execution (RCE) through a specially crafted HTTP request. CVE-2018-4063 Overview The vulnerability involves an unrestricted […]

CISA Adds Actively Exploited Sierra Wireless Router Flaw Allowing RCE Attacks Read More »

Active Attacks Abuse Gladinet Hard Coded Keys to Gain Unauthorized Access and Execute Code

Cybersecurity researchers are warning of ongoing attacks targeting Gladinet CentreStack and Triofox deployments, where threat actors are actively exploiting a weakness caused by hard coded cryptographic keys. According to new findings from Huntress, at least nine organizations have already been impacted. Security researcher Bryan Masters explained that the flaw allows attackers to access sensitive configuration

Active Attacks Abuse Gladinet Hard Coded Keys to Gain Unauthorized Access and Execute Code Read More »

.NET SOAPwn Flaw Enables File Writes and Remote Code Execution Through Rogue WSDL

Cybersecurity researchers have revealed a serious exploitation technique affecting enterprise applications built on the .NET ecosystem, enabling attackers to perform arbitrary file writes and potentially achieve remote code execution. The research was conducted by WatchTowr Labs, which internally named the issue SOAPwn. According to the researchers, the flaw stems from how certain .NET components process

.NET SOAPwn Flaw Enables File Writes and Remote Code Execution Through Rogue WSDL Read More »

Fortinet, Ivanti, and SAP Release Urgent Fixes for Authentication and Code Execution Vulnerabilities

Security teams across multiple industries are racing to deploy urgent updates after Fortinet, Ivanti, and SAP released patches for high risk vulnerabilities that could allow attackers to bypass authentication controls or execute malicious code. The newly disclosed flaws are considered especially dangerous because of their potential to provide remote, unauthenticated access to critical systems at

Fortinet, Ivanti, and SAP Release Urgent Fixes for Authentication and Code Execution Vulnerabilities Read More »

Sneeit WordPress RCE Exploited in the Wild, and ICTBroadcast Bug Powering Frost Botnet Attacks

A severe security weakness found in the Sneeit Framework plugin for WordPress is currently being abused across live sites, based on information shared by Wordfence. The flaw, tracked as CVE-2025-6389 with a CVSS rating of 9.8, affects every version up to 8.3. Developers fixed the issue in version 8.4 released on August 5, 2025. The

Sneeit WordPress RCE Exploited in the Wild, and ICTBroadcast Bug Powering Frost Botnet Attacks Read More »

Researchers Find More Than 30 Flaws in AI Coding Tools Allowing Data Theft and RCE Attacks

Security analysts have uncovered more than 30 vulnerabilities across several artificial intelligence powered Integrated Development Environments that blend prompt injection weaknesses with trusted development features. These issues enable information theft and remote code execution. The combined flaws have been named IDEsaster by security researcher Ari Marzouk, also known as MaccariTA. The findings affect a wide

Researchers Find More Than 30 Flaws in AI Coding Tools Allowing Data Theft and RCE Attacks Read More »

Bloody Wolf expands Java based NetSupport RAT attacks in Kyrgyzstan and Uzbekistan

A growing cyber espionage campaign linked to the threat group known as Bloody Wolf has widened its reach in Central Asia as the attackers continue delivering the NetSupport RAT through deceptive Java based loaders. The campaign, which initially focused on Kyrgyzstan in June 2025, has expanded to include Uzbekistan by October 2025, according to Group

Bloody Wolf expands Java based NetSupport RAT attacks in Kyrgyzstan and Uzbekistan Read More »

New Fluent Bit Vulnerabilities Expose Cloud Systems to RCE and Stealthy Infrastructure Intrusions

Cybersecurity analysts have identified five significant vulnerabilities in Fluent Bit, a widely used open source telemetry agent. These flaws can be combined to compromise cloud environments and potentially give attackers full control over infrastructure. Oligo Security shared the findings, noting that the weaknesses allow authentication bypass, path traversal, remote code execution, service disruption, and tag

New Fluent Bit Vulnerabilities Expose Cloud Systems to RCE and Stealthy Infrastructure Intrusions Read More »

Vulnerability in Chrome V8 JavaScript Engine Enables Remote Code Execution

Google has issued an emergency security update to fix a high-severity flaw in the V8 JavaScript engine used by the Chrome browser. The patch was released quickly to prevent potential remote code execution (RCE) attacks that could compromise user devices. Discovery of the Vulnerability The flaw, identified as CVE-2025-12036, originates from an improper implementation inside

Vulnerability in Chrome V8 JavaScript Engine Enables Remote Code Execution Read More »

Critical Veeam Backup RCE Flaws Allow Remote Execution of Malicious Code

Veeam has issued an urgent security update to fix several critical remote code execution (RCE) vulnerabilities affecting Veeam Backup & Replication version 12. These flaws could let authenticated domain users execute malicious code on backup servers and infrastructure hosts, posing a severe threat to organizations. Two of the most dangerous vulnerabilities specifically impact domain-joined installations

Critical Veeam Backup RCE Flaws Allow Remote Execution of Malicious Code Read More »