Tag: rce
-
Lateral Movement und RCE – Angriffe über Ivanti Endpoint Manager Mobile laufen
First seen on security-insider.de Jump to article: www.security-insider.de/sicherheitsluecken-ivanti-endpoint-manager-mobile-updates-a-aca050adf9926475b601d024c1aaff43/
-
Malicious Commands in GitHub Codespaces Enable RCE
Flaws in GitHub Codespaces allow RCE via crafted repositories or pull requests First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malicious-commands-in-github/
-
ThreatsDay Bulletin: Codespaces RCE, AsyncRAT C2, BYOVD Abuse, AI Cloud Intrusions & 15+ Stories
This week didn’t produce one big headline. It produced many small signals — the kind that quietly shape what attacks will look like next.Researchers tracked intrusions that start in ordinary places: developer workflows, remote tools, cloud access, identity paths, and even routine user actions. Nothing looked dramatic on the surface. That’s the point. Entry is…
-
SolarWinds RCE bug makes Cisa list as exploitation spreads
Exploitation of CVE-2025-40551, an RCE flaw affecting SolarWinds Web Help Desk, appears to be spreading, and defenders are on high alert. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366638837/SolarWinds-RCE-bug-makes-Cisa-list-as-exploitation-spreads
-
LookOut: Discovering RCE and Internal Access on Looker (Google Cloud On-Prem)
Tenable Research discovered two novel vulnerabilities in Google Looker that could allow an attacker to completely compromise a Looker instance. Google moved swiftly to patch these issues. Organizations running Looker on-prem should verify they have upgraded to the patched versions. Key takeaways Two novel vulnerabilities: Tenable Research discovered a remote code execution (RCE) chain via…
-
Google Looker Bugs Allow Cross-Tenant RCE, Data Exfil
Attackers could even have used one vulnerable Lookout user to gain access to other GCP tenants’ environments. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/google-looker-bugs-cross-tenant-rce-data-exfil
-
CISA Adds SolarWinds Web Help Desk RCE Flaw to Known Exploited Vulnerabilities List
Tags: cisa, cyber, cybersecurity, data, exploit, flaw, infrastructure, kev, rce, remote-code-execution, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly disclosed vulnerability CVE”‘2025″‘40551 affecting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog. The flaw is rated critical because it enables remote code execution (RCE) and can be exploited without authentication. According to CISA, the issue stems from a deserialization of untrusted data weakness (CWE”‘502), which allows attackers…
-
CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog
Tags: cisa, cve, cybersecurity, data, exploit, flaw, infrastructure, kev, rce, remote-code-execution, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog, flagging it as actively exploited in attacks.The vulnerability, tracked as CVE-2025-40551 (CVSS score: 9.8), is a untrusted data deserialization vulnerability that could pave the way for remote…
-
CISA flags critical SolarWinds RCE flaw as exploited in attacks
CISA has flagged a critical SolarWinds Web Help Desk vulnerability as actively exploited in attacks and ordered federal agencies to patch their systems within three days. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-flags-critical-solarwinds-rce-flaw-as-actively-exploited/
-
Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package
Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular “@react-native-community/cli” npm package.Cybersecurity company VulnCheck said it first observed exploitation of CVE-2025-11953 (aka Metro4Shell) on December 21, 2025. With a CVSS score of 9.8, the vulnerability allows remote unauthenticated attackers to execute arbitrary First seen on thehackernews.com…
-
DockerDash Exposes AI Supply Chain Weakness In Docker’s Ask Gordon
DockerDash vulnerability allows RCE and data exfiltration via unverified metadata in Ask Gordon First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/dockerdash-weakness-dockers-ask/
-
OpenClaw patches one-click RCE as security Whac-A-Mole continues
Researchers disclose rapid exploit chain that let attackers run code via a single malicious web page First seen on theregister.com Jump to article: www.theregister.com/2026/02/02/openclaw_security_issues/
-
Ivanti Fixes Actively Exploited RCE Flaws in Endpoint Manager Mobile
Ivanti patched actively exploited EPMM flaws that enable unauthenticated remote code execution. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ivanti-fixes-actively-exploited-rce-flaws-in-endpoint-manager-mobile/
-
Second Round of Critical RCE Bugs in n8n Spikes Corporate Risk
A new around of vulnerabilities in the popular AI automation platform could let attackers hijack servers and steal credentials, allowing full takeover. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/critical-flaws-n8n-compromise-customer-security
-
SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score
SmarterTools has addressed two more security flaws in SmarterMail email software, including one critical security flaw that could result in arbitrary code execution.The vulnerability, tracked as CVE-2026-24423, carries a CVSS score of 9.3 out of 10.0.”SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API First seen…
-
Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released
Tags: attack, cve, cybersecurity, endpoint, exploit, flaw, infrastructure, ivanti, kev, mobile, rce, remote-code-execution, update, vulnerability, zero-dayIvanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile (EPMM) that have been exploited in zero-day attacks, one of which has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog.The critical-severity vulnerabilities are listed below -CVE-2026-1281 (CVSS score: First…
-
SolarWinds addressed four critical Web Help Desk flaws
SolarWinds patched six Web Help Desk vulnerabilities, including four critical flaws exploitable without authentication for RCE or auth bypass. SolarWinds released security updates to address six Web Help Desk vulnerabilities, including four critical bugs that allow unauthenticated remote code execution or authentication bypass. The three critical flaws found by watchTowr, and specifically by researcher Piotr…
-
ThreatsDay Bulletin: New RCEs, Darknet Busts, Kernel Bugs & 25+ More Stories
This week’s updates show how small changes can create real problems. Not loud incidents, but quiet shifts that are easy to miss until they add up. The kind that affects systems people rely on every day.Many of the stories point to the same trend: familiar tools being used in unexpected ways. Security controls are being…
-
Critical RCE bugs expose the n8n automation platform to host”‘level compromise
Python code node escape breaks isolation: JFrog also identified a separate sandbox escape affecting n8n’s Python Code node when the platform is configured to use its “Internal” execution mode. In this case, restrictions intended to contain Python code execution can be bypassed, again allowing authenticated users to run arbitrary code outside the sandbox.The second issue,…
-
SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass
SolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web Help Desk, including four critical vulnerabilities that could result in authentication bypass and remote code execution (RCE).The list of vulnerabilities is as follows -CVE-2025-40536 (CVSS score: 8.1) – A security control bypass vulnerability that could allow an unauthenticated First seen on thehackernews.com…
-
SolarWinds fixes critical Web Help Desk RCE vulnerabilities, upgrade ASAP!
SolarWinds has fixed six critical and high-severity vulnerabilities in its popular Web Help Desk (WHD) support ticketing and asset management solution, and is urging customers … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/29/solarwinds-web-help-desk-rce-vulnerabilities/
-
SolarWinds, again: Critical RCE bugs reopen old wounds for enterprise security teams
Tags: access, attack, authentication, awareness, breach, cisco, control, credentials, cve, cybersecurity, data, exploit, flaw, fortinet, infrastructure, malicious, programming, radius, rce, remote-code-execution, software, threat, update, vulnerabilityRemote code execution and data deserialization vulnerabilities CVE-2025-40551 (critical) and CVE-2025-40553 (critical);Authentication and bypass security flaws CVE-2025-40552 (critical), CVE-2025-40554 (critical), CVE-2025-40536 (high), and CVE-2025-40537 (high).CVE-2025-40551 and CVE-2025-40553 make WHD susceptible to untrusted data deseralization that could allow attackers to run commands on the host machine. The flaw could be exploited without authentication.The other two critical…
-
New sandbox escape flaw exposes n8n instances to RCE attacks
Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-sandbox-escape-flaw-exposes-n8n-instances-to-rce-attacks/
-
Critical and High Severity n8n Sandbox Flaws Allow RCE
Two critical security flaws in n8n have exposed sandboxing vulnerabilities, enabling remote code execution for attackers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/n8n-sandbox-flaws-allow-rce/
-
SolarWinds warns of critical Web Help Desk RCE, auth bypass flaws
SolarWinds has released security updates to patch critical authentication bypass and remote command execution vulnerabilities in its Web Help Desk IT help desk software. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/solarwinds-warns-of-critical-web-help-desk-rce-auth-bypass-flaws/
-
Over 6,000 SmarterMail Servers Exposed to Actively Exploited RCE Vulnerability
Tags: cve, cyber, data-breach, detection, email, exploit, rce, remote-code-execution, threat, vulnerabilityApproximately 6,000 vulnerable SmarterTools SmarterMail installations globally are all exposed to an actively exploited remote code execution vulnerability. The vulnerability, tracked as CVE-2026-23760, poses an immediate threat to organisations relying on SmarterMail for email and collaboration services. The Shadowserver Foundation integrated CVE-2026-23760 detection into their daily vulnerable HTTP scans, flagging susceptible servers based on version…
-
Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas
A critical security flaw has been disclosed in Grist”‘Core, an open-source, self-hosted version of the Grist relational spreadsheet-database, that could result in remote code execution.The vulnerability, tracked as CVE-2026-24002 (CVSS score: 9.1), has been codenamed Cellbreak by Cyera Research Labs.”One malicious formula can turn a spreadsheet into a Remote Code Execution (RCE) beachhead,” First seen…
-
CISA Flags Actively Exploited VMware vCenter RCE Flaw in KEV Catalog
Tags: cisa, cybersecurity, exploit, flaw, infrastructure, kev, rce, remote-code-execution, vcenter, vmware, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting VMware vCenter Server to its Known Exploited Vulnerabilities (KEV) catalog, confirming that the flaw is being actively exploited in real-world attacks. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/vmware-vcenter-cve-2024-37079-exploited/
-
PoC Released for GNU InetUtils telnetd RCE as 800K+ Exposed Instances Remain Online
A proof-of-concept exploit for CVE-2026-24061, a critical remote code execution vulnerability in the GNU Inetutils telnetd, has surfaced, with security researchers warning that over 800,000 vulnerable instances remain publicly accessible on the internet. The vulnerability allows unauthenticated attackers to execute arbitrary commands on affected systems running vulnerable versions of the telnetd service. Vulnerability Overview CVE-2026-24061…
-
CISA says critical VMware RCE flaw now actively exploited
CISA has flagged a critical VMware vCenter Server vulnerability as actively exploited and ordered U.S. federal agencies to secure their servers within three weeks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-says-critical-vmware-rce-flaw-now-actively-exploited/