Tag: rce
-
Critical Azure and Power Apps Vulnerabilities Allow Attackers to Exploit RCE
by
in SecurityNewsMicrosoft has patched four critical security vulnerabilities affecting its Azure cloud services and Power Apps platform that could allow attackers to escalate privileges, perform spoofing attacks, or access sensitive information. Security researchers discovered these high-severity flaws, with one receiving a maximum CVSS score of 10.0, underscoring the potential impact on enterprise environments. The most severe…
-
SAP NetWeaver bug exploited since January, allows RCE
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/sap-netweaver-bug-exploited-since-january-allows-rce
-
Chinese Hackers Exploit SAP RCE Vulnerability to Deploy Supershell Backdoors
by
in SecurityNewsA critical remote code execution (RCE) vulnerability, identified as CVE-2025-31324, in SAP NetWeaver Visual Composer 7.x is being actively exploited by a Chinese threat actor, tracked as Chaya_004. This deserialization flaw allows attackers to upload malicious binaries, including web shells, to unpatched servers, granting full system takeover capabilities. According to research from Forescout, exploitation has…
-
Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell
by
in SecurityNewsA China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver.Forescout Vedere Labs, in a report published today, said it uncovered a malicious infrastructure likely associated with the hacking group weaponizing CVE-2025-31324 (CVSS score: 10.0) since April 29, 2025.CVE-2025-31324 refers to a critical SAP NetWeaver flaw First…
-
SonicWall Issues Patch for Exploit Chain in SMA Devices
by
in SecurityNewsThree vulnerabilities in SMA 100 gateways could facilitate root RCE attacks, and one of the vulnerabilities has already been exploited in the wild. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/sonicwall-patch-exploit-chain-sma-devices
-
Significant RCE compromise likely with SysAid vulnerabilities
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/significant-rce-compromise-likely-with-sysaid-vulnerabilities
-
Samsung MagicINFO 9 Server RCE flaw now exploited in attacks
by
in SecurityNewsHackers are exploiting an unauthenticated remote code execution (RCE) vulnerability in the Samsung MagicINFO 9 Server to hijack devices and deploy malware. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/samsung-magicinfo-9-server-rce-flaw-now-exploited-in-attacks/
-
Critical Langflow RCE flaw exploited to hack AI app servers
by
in SecurityNews
Tags: ai, cybersecurity, exploit, flaw, infrastructure, mitigation, rce, remote-code-execution, update, vulnerabilityThe U.S. Cybersecurity & Infrastructure Security Agency (CISA) has tagged a Langflow remote code execution vulnerability as actively exploited, urging organizations to apply security updates and mitigations as soon as possible. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-langflow-rce-flaw-exploited-to-hack-ai-app-servers/
-
RCE flaw in tool for building AI agents exploited by attackers (CVE-2025-3248)
by
in SecurityNewsA missing authentication vulnerability (CVE-2025-3248) in Langflow, a web application for building AI-driven agents, is being exploited by attackers in the wild, CISA has … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/06/langflow-cve-2025-3248-exploited/
-
Android Security Update -A Critical RCE Vulnerability Actively Exploited in the Wild
by
in SecurityNewsGoogle has released critical security patches for Android devices to address 57 vulnerabilities across multiple subsystems, including an actively exploited remote code execution flaw tracked as CVE-2025-27363. The May 2025 security bulletin confirms this high-severity vulnerability in Android’s System component enables local code execution without requiring additional privileges or user interaction. Devices running Android 13…
-
Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi
by
in SecurityNewsCybersecurity researchers have disclosed a series of now-patched security vulnerabilities in Apple’s AirPlay protocol that, if successfully exploited, could enable an attacker to take over susceptible devices supporting the proprietary wireless technology.The shortcomings have been collectively codenamed AirBorne by Israeli cybersecurity company Oligo.”These vulnerabilities can be chained by First seen on thehackernews.com Jump to article:…
-
Hackers Exploit Critical NodeJS Vulnerabilities to Hijack Jenkins Agents for RCE
by
in SecurityNews
Tags: cyber, exploit, flaw, github, hacker, infrastructure, rce, remote-code-execution, risk, supply-chain, vulnerabilitySecurity researchers have identified critical vulnerabilities in the Node.js CI/CD infrastructure, exposing internal Jenkins agents to remote code execution and raising the risk of supply chain attacks. These flaws stemmed from the integration and communication gaps between multiple DevOps platforms-specifically GitHub Apps, GitHub Actions workflows, and Jenkins pipelines-that collectively manage Node.js’ continuous integration processes. Exploiting…
-
AirBorne flaws can lead to fully hijack Apple devices
by
in SecurityNewsVulnerabilities in Apple’s AirPlay protocol and SDK exposed Apple and third-party devices to attacks, including remote code execution. Oligo Security found serious flaws, collectively tracked as AirBorne, in Apple’s AirPlay protocol and SDK, affecting Apple and third-party devices. Attackers can exploit the vulnerabilities to perform zero-/one-click RCE, bypass ACLs, read local files, steal data, and…
-
Wormable AirPlay Zero-Click RCE Flaw Allows Remote Device Hijack via Wi-Fi
by
in SecurityNewsA major set of vulnerabilities-collectively named “AirBorne”-in Apple’s AirPlay protocol and SDK have been unveiled, enabling an array of severe attack vectors. Most critically, these flaws allow zero-click “wormable” Remote Code Execution (RCE), meaning attackers can take over Apple and third-party devices via Wi-Fi without any user interaction. The impact spans billions of devices globally, including…
-
Apple ‘AirBorne’ flaws can lead to zero-click AirPlay RCE attacks
by
in SecurityNews
Tags: apple, attack, data-breach, flaw, programming, rce, remote-code-execution, software, vulnerabilityA set of security vulnerabilities in Apple’s AirPlay Protocol and AirPlay Software Development Kit (SDK) exposed unpatched third-party and Apple devices to various attacks, including remote code execution. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-airborne-flaws-can-lead-to-zero-click-airplay-rce-attacks/
-
Commvault RCE Vulnerability Exploited”, PoC Released
by
in SecurityNewsEnterprises and managed service providers globally are now facing urgent security concerns following the disclosure of a major pre-authenticated remote code execution (RCE) vulnerability in Commvault’s on-premise backup and recovery software. The issue, tracked as CVE-2025-34028, has rocked the cybersecurity world, particularly after researchers published a fully working proof-of-concept (PoC) exploit. With attackers actively probing…
-
Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028)
by
in SecurityNewsIf your organization is using Commvault Command Center for your data protection, backup creation, configuration and restoration needs, you should check whether your on-premise … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/24/critical-commvault-rce-vulnerability-fixed-poc-available-cve-2025-34028/
-
Zyxel RCE Flaw Lets Attackers Run Commands Without Authentication
by
in SecurityNews
Tags: authentication, cyber, exploit, firewall, flaw, network, rce, remote-code-execution, vulnerability, zyxelSecurity researcher Alessandro Sgreccia (aka >>rainpwn
-
PoC Released for Critical Erlang/OTP SSH RCE Vulnerability
by
in SecurityNewsSecurity teams across industries are urgently patching systems following the public release of a proof-of-concept (PoC) exploit for a newly disclosed critical remote code execution (RCE) vulnerability in Erlang/OTP’s SSH implementation. The flaw, tracked as CVE-2025-32433 and assigned a maximum CVSS score of 10.0, enables unauthenticated attackers to execute arbitrary code, potentially taking complete control of affected systems.…
-
Critical Erlang/OTP SSH pre-auth RCE is ‘Surprisingly Easy’ to exploit, patch now
by
in SecurityNewsA critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-erlang-otp-ssh-pre-auth-rce-is-surprisingly-easy-to-exploit-patch-now/
-
Researchers Find CVSS 10.0 Severity RCE Vulnerability in Erlang/OTP SSH
by
in SecurityNewsSecurity researchers report CVE-2025-32433, a CVSS 10.0 RCE vulnerability in Erlang/OTP SSH, allowing unauthenticated code execution on exposed… First seen on hackread.com Jump to article: hackread.com/researchers-cvss-severity-rce-vulnerability-erlang-otp-ssh/
-
Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability
by
in SecurityNewsA recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised to date.Tracked as CVE-2025-30406 (CVSS score: 9.0), the vulnerability refers to the use of a hard-coded cryptographic key that could expose internet-accessible servers to remote code execution attacks First seen…
-
RCE Exploit Uncovered in Ivanti VPN After Silent Patch Oversight
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/rce-exploit-uncovered-in-ivanti-vpn-after-silent-patch-oversight
-
Exploitation of Ivanti VPN flaw to achieve RCE detailed
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/exploitation-of-ivanti-vpn-flaw-to-achieve-rce-detailed
-
Ivanti 0-Day RCE Flaw Exploitation Details Revealed
by
in SecurityNews
Tags: cyber, cybersecurity, exploit, flaw, ivanti, rce, remote-code-execution, vulnerability, zero-dayA critical unauthenticated Remote Code Execution (RCE) vulnerability, CVE-2025-22457, has been disclosed by Ivanti, sparking concerns across the cybersecurity industry. The flaw, which affects several Ivanti products, allows attackers to execute arbitrary code remotely, potentially compromising sensitive enterprise environments. Researchers, including the Rapid7 vulnerability team, have provided a detailed breakdown of how the flaw was exploited and what…
-
Whatsapp plugs bug allowing RCE with spoofed filenames
by
in SecurityNewsWhatsapp makes for a popular attack vector: Whatsapp has been frequently targeted in the past for its popularity as an encrypted chatting platform. With over 10 billion downloads on Google Play Store alone, the platform makes for a lucrative target for threat actors.A similar security oversight was reported in July 2024 to be affecting the…
-
RCE flaw in MSP-friendly file sharing platform exploited by attackers (CVE-2025-30406)
by
in SecurityNewsA critical RCE vulnerability (CVE-2025-30406) affecting the Gladinet CentreStack file-sharing/remote access platform has been added to CISA’s Known Exploited … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/09/rce-gladinet-centrestack-file-sharing-exploited-cve-2025-30406/
-
CentreStack RCE exploited as zero-day to breach file sharing servers
by
in SecurityNewsHackers exploited a vulnerability in Gladinet CentreStack’s secure file-sharing software as a zero-day since March to breach storage servers First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/centrestack-rce-exploited-as-zero-day-to-breach-file-sharing-servers/
-
Ivanti Released Security Update With The Fixes for Critical Endpoint Manager RCE Vulnerabilities
by
in SecurityNewsIvanti, a prominent enterprise software provider, has issued an urgent security advisory today addressing multiple vulnerabilities in its Endpoint Manager (EPM) products. The updates for EPM 2024 SU1 and EPM 2022 SU7 resolve six critical and medium-severity flaws that could allow attackers to gain remote access, escalate privileges, or disrupt systems. While no exploitation has…
-
Over 5,000 Ivanti Connect Secure Devices Exposed to RCE Vulnerabilities
by
in SecurityNewsOver 5,000 Ivanti Connect Secure devices remain vulnerable to a critical remote code execution (RCE) flaw, according to data from the Shadowserver Foundation. The vulnerability, tracked as CVE-2025-22457, stems from a stack-based buffer overflow issue, enabling unauthenticated attackers to execute arbitrary code remotely. The flaw has already been exploited in the wild, raising alarms across the…