Tag: rce
-
5-month-old F5 BIG-IP DoS bug becomes critical RCE exploited in the wild
/run/bigtlog.pipe and /run/bigstart.ltm and makes changes to system binaries, including /usr/bin/umount and /usr/sbin/httpd. Attackers have also been observed modifying the sys-eicheck utility, which relies on RPM integrity checks to verify on-disk executables.Log analysis can reveal patterns related to the attack. The user “f5hubblelcdadmin” accessing the iControl REST API from localhost, SELinux disable commands in auditd…
-
Critical F5 BIG-IP Flaw Upgraded to 9.8 RCE, Exploited in the Wild
F5 BIG-IP APM flaw CVE-2025-53521 escalates to critical 9.8 RCE, actively exploited. Patch now, check IoCs, and secure vulnerable systems immediately. First seen on hackread.com Jump to article: hackread.com/critical-f5-big-ip-flaw-upgrad-to-9-8-rce-exploited/
-
Claude AI Uncovers Zero-Day RCE Vulnerabilities in Vim and Emacs
Security researchers at Calif recently demonstrated the evolving power of artificial intelligence in vulnerability research by using Claude AI to uncover zero-day Remote Code Execution (RCE) flaws in both Vim and Emacs. The discoveries show that merely opening a malicious file in these popular text editors could allow attackers to execute arbitrary code and fully…
-
F5 BIG-IP Vulnerability Reclassified as RCE, Under Exploitation
CVE-2025-53521 was initially disclosed in October as a high-severity denial-of-service (DoS) flaw, but new information has revealed the bug is actually much more dangerous. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/fortinet-big-ip-vulnerability-reclassified-rce-exploitation
-
Fortinet BIG-IP Vulnerability Reclassified as RCE, Under Exploitation
CVE-2025-53521 was initially disclosed in October as a high-severity denial-of-service (DoS) flaw, but new information has revealed the bug is actually much more dangerous. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/fortinet-big-ip-vulnerability-reclassified-rce-exploitation
-
Attackers are exploiting RCE vulnerability in BIG-IP APM systems (CVE-2025-53521)
A critical unauthenticated remote code execution vulnerability (CVE-2025-53521) in F5’s BIG-IP Access Policy Manager (APM) solution is under active exploitation, the US … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/28/big-ip-apm-vulnerability-cve-2025-53521-exploited/
-
Attackers exploit critical Langflow RCE within hours as CISA sounds alarm
Tags: access, advisory, ai, api, attack, cisa, cloud, credentials, cve, cvss, data, data-breach, detection, endpoint, exploit, flaw, framework, github, infrastructure, injection, kev, malicious, monitoring, nvd, open-source, rce, remote-code-execution, software, supply-chain, threat, update, vulnerability, windowscredentials, was weaponized within 20 hours of the open-source AI-pipeline tool disclosing it.According to a Sysdig report, crooks started hitting a fleet of honeypot nodes with vulnerable instances across multiple cloud providers and regions right after they went live. Sysdig observed four such attempts within hours of deployment, with one attacker progressing to environment variable exfiltration.”This is…
-
Attackers exploit critical Langflow RCE within hours as CISA sounds alarm
Tags: access, advisory, ai, api, attack, cisa, cloud, credentials, cve, cvss, data, data-breach, detection, endpoint, exploit, flaw, framework, github, infrastructure, injection, kev, malicious, monitoring, nvd, open-source, rce, remote-code-execution, software, supply-chain, threat, update, vulnerability, windowscredentials, was weaponized within 20 hours of the open-source AI-pipeline tool disclosing it.According to a Sysdig report, crooks started hitting a fleet of honeypot nodes with vulnerable instances across multiple cloud providers and regions right after they went live. Sysdig observed four such attempts within hours of deployment, with one attacker progressing to environment variable exfiltration.”This is…
-
CISA sounds alarm on Langflow RCE, Trivy supply chain compromise after rapid exploitation
Tags: cisa, cve, cybersecurity, exploit, infrastructure, kev, rce, remote-code-execution, supply-chain, vulnerabilityThe US Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities catalog: CVE-2026-33017, a recently … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/27/cve-2026-33017-cve-2026-33634-exploited/
-
Attackers Rapidly Weaponize Critical Oracle WebLogic RCE, Honeypot Study Finds
Attackers rapidly exploited a critical Oracle WebLogic RCE flaw the same day exploit code was released, according to a CloudSEK honeypot study First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/critical-oracle-weblogic-rce/
-
Which Came First: The System Prompt, or the RCE?
During a recent penetration test, we came across an AI-powered desktop application that acted as a bridge between Claude (Opus 4.5) and a third-party asset management platform. The idea is simple: instead of clicking through dashboards and making API calls, users just ask the agent to do it for them. “How many open tickets do……
-
PTC warns of imminent threat from critical Windchill, FlexPLM RCE bug
PTC Inc. is warning of a critical vulnerability in Windchill and FlexPLM, widely used product lifecycle management (PLM) solutions, that could allow remote code execution. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ptc-warns-of-imminent-threat-from-critical-windchill-flexplm-rce-bug/
-
Oracle issues emergency fix for pre-auth RCE in Identity Manager (CVE-2026-21992)
Oracle has released an out-of-band patch for a critical and easily exploitable vulnerability (CVE-2026-21992) in Oracle Identity Manager and Oracle Web Services Manager. The … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/23/oracle-emergency-fix-cve-2026-21992/
-
Oracle fixes critical RCE flaw CVE-2026-21992 in Identity Manager
Tags: control, cve, flaw, identity, oracle, rce, remote-code-execution, service, update, vulnerabilityOracle fixed a critical severity flaw, tracked as CVE-2026-21992, enabling unauthenticated remote code execution in Identity Manager. Oracle released security updates to address a critical vulnerability, tracked as CVE-2026-21992 (CVSS score of 9.8), affecting Identity Manager and Web Services Manager. The flaw lets unauthenticated attackers over HTTP take control of Oracle Identity Manager and Web…
-
Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
Tags: authentication, cve, cvss, exploit, flaw, identity, oracle, rce, remote-code-execution, service, update, vulnerabilityOracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution.The vulnerability, tracked as CVE-2026-21992, carries a CVSS score of 9.8 out of a maximum of 10.0.”This vulnerability is remotely exploitable without authentication,” Oracle said in an advisory. “If…
-
Oracle Fixes High-Severity RCE Vulnerability Affecting Identity and Web Services Platforms
Oracle recently issued an urgent security alert regarding a critical Remote Code Execution (RCE) flaw that impacts both Oracle Identity Manager and Oracle Web Services Manager. Tracked as CVE-2026-21992, this vulnerability allows attackers to compromise systems remotely without requiring any user authentication. Organizations utilizing these affected Fusion Middleware components must act immediately to prevent potential…
-
Oracle pushes emergency fix for critical Identity Manager RCE flaw
Oracle has released an out-of-band security update to fix a critical unauthenticated remote code execution vulnerability in Identity Manager and Web Services Manager tracked as CVE-2026-21992. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/oracle-pushes-emergency-fix-for-critical-identity-manager-rce-flaw/
-
Patch Now: Oracle’s Fusion Middleware Has Critical RCE Flaw
Tags: authentication, data-breach, flaw, identity, oracle, rce, remote-code-execution, service, updateAttackers can execute arbitrary code without authentication if Oracle’s Identity or Web Services Managers are exposed to the Web. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/patch-oracle-fusion-middleware-rce-flaw
-
Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover
Sansec is warning of a critical security flaw in Magento’s REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover.The vulnerability has been codenamed PolyShell by Sansec owing to the fact that the attack hinges on disguising malicious code as an image. There is no evidence that…
-
New Critical Jenkins Vulnerabilities Put CI/CD Servers at Risk of RCE Exploits
Tags: advisory, automation, credentials, cyber, exploit, flaw, network, rce, remote-code-execution, risk, vulnerabilityThe Jenkins project released a critical security advisory addressing multiple vulnerabilities in its core automation server and the LoadNinja plugin. These flaws expose continuous integration and continuous deployment (CI/CD) environments to severe risks, including arbitrary file creation, credential exposure, and remote code execution (RCE). Because Jenkins controllers often hold elevated privileges across enterprise networks, administrators…
-
New ‘PolyShell’ flaw allows unauthenticated RCE on Magento e-stores
A newly disclosed vulnerability dubbed ‘PolyShell’ affects all Magento Open Source and Adobe Commerce stable version 2 installations, allowing unauthenticated code execution and account takeover. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-polyshell-flaw-allows-unauthenticated-rce-on-magento-e-stores/
-
Pyronut Package Backdoors Telegram Bots With RCE
Malicious ‘Pyronut’ is a trojanized Python package that backdoors Telegram bots and userbots, giving attackers remote code execution over both the Telegram session and the underlying host system.”‹ The malicious package , pyronut , was uploaded to PyPI as a fake alternative to pyrogram, a widely used Telegram MTProto API framework with around 370,000 monthly downloads. Instead of…
-
Interlock group exploiting the CISCO FMC flaw CVE-2026-20131 36 days before disclosure
Tags: attack, cisco, cve, exploit, firewall, flaw, group, ransomware, rce, remote-code-execution, vulnerability, zero-dayThe Interlock ransomware group has exploited a Cisco FMC zero-day RCE vulnerability in attacks since late January. The Interlock ransomware group has been exploiting a critical zero-day RCE vulnerability, tracked as CVE-2026-20131 (CVSS score of 10.0), in Cisco Secure Firewall Management Center (FMC) since late January. The vulnerability is a remote code execution flaw that…
-
Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE
Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon (telnetd) that could be exploited by an unauthenticated remote attacker to execute arbitrary code with elevated privileges.The vulnerability, tracked as CVE-2026-32746, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of out-of-bounds write in…
-
Critical Unpatched Telnetd Flaw (CVE-2026-32746) Enables Unauthenticated Root RCE via Port 23
Cybersecurity researchers have disclosed a critical security flaw impacting the GNU InetUtils telnet daemon (telnetd) that could be exploited by an unauthenticated remote attacker to execute arbitrary code with elevated privileges.The vulnerability, tracked as CVE-2026-32746, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of out-of-bounds write in…
-
AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE
Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution environments using domain name system (DNS) queries.In a report published Monday, BeyondTrust revealed that Amazon Bedrock AgentCore Code Interpreter’s sandbox mode permits outbound DNS queries that an attacker can exploit to enable interactive shells First seen…
-
Microsoft Issues Hotpatch for Windows 11 RRAS RCE Bugs
Microsoft released an emergency hotpatch for Windows 11 to fix critical RRAS remote code execution flaws. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/microsoft-issues-hotpatch-for-windows-11-rras-rce-bugs/
-
Microsoft Issues OutBand Patch for Critical Windows 11 RRAS RCE Flaws
Microsoft released an urgent out-of-band security update on March 13, 2026, to address a series of critical vulnerabilities in Windows 11. The update, identified as hotpatch KB5084597, specifically resolves Remote Code Execution (RCE) flaws within the Windows Routing and Remote Access Service (RRAS) management tool. Because these security gaps pose an immediate risk of remote…
-
Microsoft releases Windows 11 OOB hotpatch to fix RRAS RCE flaw
Microsoft has released an out-of-band (OOB) update to fix a security vulnerabilities affecting Windows 11 Enterprise devices that receive hotpatch updates instead of the regular Patch Tuesday cumulative updates. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-11-oob-hotpatch-to-fix-rras-rce-flaw/
-
Veeam warns admins to patch now as critical RCE flaws hit Backup & Replication
Tags: access, backup, control, cve, data, exploit, flaw, group, infrastructure, ransomware, rce, remote-code-execution, update, veeam, vulnerabilityPatches are available: Veeam warned that organizations should apply the patched build promptly, noting that vulnerability disclosures frequently trigger attempts by attackers to reverse-engineer patches and develop exploits for unpatched systems.The issues were fixed in Veeam Backup & Replication 12.3.2.4465, and organizations running unsupported or older builds should assume they are vulnerable and upgrade immediately.…