Tag: rce
-
TARmageddon flaw in abandoned Rust library enables RCE attacks
A high-severity vulnerability in the now-abandoned async-tar Rust library and its forks can be exploited to gain remote code execution on systems running unpatched software. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/tarmageddon-flaw-in-abandoned-rust-library-enables-rce-attacks/
-
Over 75,000 WatchGuard security devices vulnerable to critical RCE
Nearly 76,000 WatchGuard Firebox network security appliances are exposed on the public web and still vulnerable to a critical issue (CVE-2025-9242) that could allow a remote attacker to execute code without authentication. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-75-000-watchguard-security-devices-vulnerable-to-critical-rce/
-
Microsoft Patch Tuesday Oct 2025 Fixs 175 Vulnerabilities including 3 Zero-Days
Tags: exploit, flaw, microsoft, rce, remote-code-execution, update, vulnerability, windows, zero-dayOctober’s Microsoft Patch Tuesday fixes 170+ flaws, including 3 actively exploited zero-days and critical WSUS RCE (CVSS 9.8). Immediate patching is mandatory. Final free updates for Windows 10. First seen on hackread.com Jump to article: hackread.com/microsoft-patch-tuesday-oct-vulnerabilities-3-zero-days/
-
Critical Veeam Backup RCE Flaws Allow Remote Execution of Malicious Code
Tags: backup, cyber, flaw, infrastructure, malicious, rce, remote-code-execution, update, veeam, vulnerabilityVeeam has released an urgent security patch to address multiple critical remote code execution (RCE) vulnerabilities in Veeam Backup & Replication version 12. These flaws could allow authenticated domain users to run malicious code on backup servers and infrastructure hosts. With attackers likely to reverse-engineer the patch, organizations must apply the update without delay to…
-
CVE-2025-61882: Imperva Customers Protected Against Critical Oracle EBS Zero-Day RCE
TL;DR: In early October 2025, Oracle released an emergency security alert addressing CVE-2025-61882, a high-severity unauthenticated remote code execution (RCE) vulnerability in the Concurrent Processing / BI Publisher Integration component of Oracle E-Business Suite (EBS) versions 12.2.3 through 12.2.14. Multiple threat actors (most prominently Cl0p and related groups) are already exploiting it in the wild……
-
Zero-day in file-sharing software leads to RCE, and attacks are ongoing
Usually we’d say patch up”¦ not this time First seen on theregister.com Jump to article: www.theregister.com/2025/10/10/zeroday_in_filesharing_software_leads/
-
Apple doubles maximum bug bounty to $2M for zero-click RCEs
Apple raised bug bounties to $2M for zero-click RCEs, doubling payouts. Since 2020, it’s paid $35M to 800 researchers. Apple doubled its bug bounty rewards, now offering up to $2 million for zero-click remote code execution flaws. Since 2020, the tech giant has paid $35M to 800 researchers. Apple aims to pay exploit chains comparable…
-
Apple bumps RCE bug bounties to $2M to counter commercial spyware vendors
Higher difficulty means higher rewards: The culmination of that work is what Apple now calls Memory Integrity Enforcement (MIE) and is a feature of its new A19 and A19 Pro chips found in its iPhone 17 and iPhone Air lineup. MIE is leveraged in iOS to protect the entire kernel and over 70 userland processes,…
-
Apple now offers $2 million for zero-click RCE vulnerabilities
Apple is announcing a major expansion and redesign of its bug bounty program, doubling maximum payouts, adding new research categories, and introducing a more transparent reward structure. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-now-offers-2-million-for-zero-click-rce-vulnerabilities/
-
From LFI to RCE: Active Exploitation Detected in Gladinet and TrioFox Vulnerability
Tags: cve, cybersecurity, exploit, flaw, rce, remote-code-execution, software, vulnerability, zero-dayCybersecurity company Huntress said it has observed active in-the-wild exploitation of an unpatched security flaw impacting Gladinet CentreStack and TrioFox products.The zero-day vulnerability, tracked as CVE-2025-11371 (CVSS score: 6.1), is an unauthenticated local file inclusion bug that allows unintended disclosure of system files. It impacts all versions of the software prior to and First seen…
-
Response to Oracle Security Alert Advisory: Oracle E-Business Suite Pre-Auth RCE (CVE-2025-61882)
AttackIQ has released a new emulation in response to the Oracle Security Alert Advisory detailing the CVE-2025-61882 vulnerability, which impacts Oracle E-Business Suite versions 12.2.3 through 12.2.14. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/response-to-oracle-security-alert-advisory-oracle-e-business-suite-pre-auth-rce-cve-2025-61882/
-
Anatomy of a Modern Threat: Deconstructing the Figma MCP Vulnerability
Threat researchers recently disclosed a severe vulnerability in a Figma Model Context Protocol (MCP) server, as reported by The Hacker News. While the specific patch is important, the discovery itself serves as a critical wake-up call for every organization rushing to adopt AI. This incident provides a blueprint for a new class of attacks that…
-
Anatomy of a Modern Threat: Deconstructing the Figma MCP Vulnerability
Threat researchers recently disclosed a severe vulnerability in a Figma Model Context Protocol (MCP) server, as reported by The Hacker News. While the specific patch is important, the discovery itself serves as a critical wake-up call for every organization rushing to adopt AI. This incident provides a blueprint for a new class of attacks that…
-
Redis patches 13-Year-Old Lua flaw enabling Remote Code Execution
Redis warns of CVE-2025-49844, a Lua script flaw enabling RCE via use-after-free. Attackers need authenticated access to exploit it. Redis disclosed a critical RCE bug, tracked as CVE-2025-49844 (also known as “RediShell”, with a CVSS score of 10.0), where a malicious Lua script can exploit the garbage collector to trigger a use-after-free vulnerability and enable…
-
10.0-severity RCE flaw puts 60,000 Redis instances at risk
Tags: authentication, cloud, container, cve, data-breach, docker, exploit, flaw, group, Internet, network, rce, remote-code-execution, risk, vulnerabilityLack of Redis authentication is a widespread issue: While Redis supports authentication, it is often deployed without it, especially on internal networks, but also on the internet. For example, the Wiz researchers note that in 57% of cloud environments, Redis is deployed as a container image and the official Redis container on Docker Hub does…
-
#RediShell: Redis/Valkey Get ‘Perfect 10’ Critical RCE Vuln
Redis hell: CVSS 10.0 vulnerability in ubiquitous cloud storage layer. PATCH NOW. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/redis-valkey-redishell-richixbw/
-
#RediShell: Redis/Valkey Get ‘Perfect 10’ Critical RCE Vuln
Redis hell: CVSS 10.0 vulnerability in ubiquitous cloud storage layer. PATCH NOW. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/10/redis-valkey-redishell-richixbw/
-
Redis patches critical >>RediShell<< RCE vulnerability, update ASAP! (CVE-2025-49844)
Redis, the company behind the widely used in-memory data structure store of the same name, has released patches for a critical vulnerability (CVE-2025-49844) that may allow … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/07/redis-patches-critical-redishell-rce-vulnerability-update-asap-cve-2025-49844/
-
Redis patches critical >>RediShell<< RCE vulnerability, update ASAP! (CVE-2025-49844)
Redis, the company behind the widely used in-memory data structure store of the same name, has released patches for a critical vulnerability (CVE-2025-49844) that may allow … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/07/redis-patches-critical-redishell-rce-vulnerability-update-asap-cve-2025-49844/
-
Patch Now: ‘RediShell’ Threatens Cloud Via Redis RCE
A 13-year-old flaw with a CVSS score of 10 in the popular data storage service allows for full host takeover, and more than 300k instances are currently exposed. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/patch-now-redishell-redis-rce
-
CrowdStrike ties Oracle EBS RCE (CVE-2025-61882) to Cl0p attacks began Aug 9, 2025
CrowdStrike links Oracle EBS flaw CVE-2025-61882 (CVSS 9.8) to Cl0p, enabling unauthenticated RCE, first exploited on August 9, 2025. CrowdStrike researchers attributed with moderate confidence the exploitation of Oracle E-Business Suite flaw CVE-2025-61882 (CVSS 9.8) to the Cl0p group, also known as Graceful Spider. The critical bug allows unauthenticated remote code execution, with the first…
-
GoAnywhere 0-Day RCE Actively Exploited to Deliver Medusa Ransomware
Tags: advisory, cve, cvss, cyber, data-breach, exploit, flaw, ransomware, rce, remote-code-execution, threat, vulnerability, zero-dayA critical zero-day vulnerability in GoAnywhere MFT’s License Servlet is being actively exploited to deploy Medusa ransomware. On September 18, 2025, Fortra released an advisory disclosing CVE-2025-10035, a deserialization flaw with a perfect CVSS score of 10.0. Threat actors tracked as Storm-1175 have abused this issue to gain remote code execution (RCE) on exposed systems,…
-
13-Year-Old Redis RCE Flaw Lets Attackers Seize Complete Host Control
Tags: control, cve, cvss, cyber, cybersecurity, data, flaw, rce, remote-code-execution, vulnerabilityA remote code execution vulnerability discovered in Redis, the widely-used in-memory data structure store, has sent shockwaves through the cybersecurity community. The flaw, designated CVE-2025-49844 and dubbed >>RediShell
-
Western Digital My Cloud NAS devices vulnerable to unauthenticated RCE (CVE-2025-30247)
Western Digital has fixed a critical remote code execution vulnerability (CVE-2025-30247) in the firmware powering its My Cloud network-attached storage (NAS) devices, and has … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/30/western-digital-my-cloud-nas-cve-2025-30247/
-
Veeam RCE Exploit Allegedly Listed for Sale on Dark Web
Tags: backup, cyber, cybersecurity, dark-web, exploit, marketplace, rce, remote-code-execution, veeamA new dark web marketplace listing has sparked alarm in the cybersecurity community after a seller using the handle >>SebastianPereiro
-
RCE im Web Help Desk – Solarwinds patcht zum dritten Mal kritische Sicherheitslücke
First seen on security-insider.de Jump to article: www.security-insider.de/solarwinds-dritter-patch-kritische-sicherheitsluecke-a-470359c5523bcc290f2adcf15317176e/
-
Cisco ASA 0-Day RCE Flaw Actively Exploited in the Wild
A critical zero-day vulnerability in Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software is being actively exploited in the wild. Tracked as CVE-2025-20333, this remote code execution flaw allows an authenticated attacker to execute arbitrary code as root on affected devices. Cisco published an advisory on September…
-
How Regular CVE Scanning Reduces the Risk of RCE Attacks
Tags: attack, business, compliance, control, cve, cybersecurity, rce, remote-code-execution, resilience, risk, threat, vulnerabilityRemote Code Execution (RCE) attacks remain one of the most dangerous cybersecurity threats, allowing attackers to take full control of systems and cause severe business damage. Regular CVE scanning is a key part of how to prevent RCE attacks, helping organizations identify unpatched vulnerabilities, prioritize risks, and ensure timely remediation. This proactive approach also supports…