Tag: remote-code-execution
-
Critical Apache Commons Text Flaw Lets Hackers Execute Remote Code
A critical remote code execution vulnerability has been discovered in Apache Commons Text, affecting all versions prior to 1.10.0. The flaw, tracked as CVE-2025-46295, poses a significant security risk to organizations relying on the widely-used Java library for text manipulation and processing. The vulnerability resides in Apache Commons Text’s interpolation features, which are designed to…
-
Critical Apache Commons Text Flaw Lets Hackers Execute Remote Code
A critical remote code execution vulnerability has been discovered in Apache Commons Text, affecting all versions prior to 1.10.0. The flaw, tracked as CVE-2025-46295, poses a significant security risk to organizations relying on the widely-used Java library for text manipulation and processing. The vulnerability resides in Apache Commons Text’s interpolation features, which are designed to…
-
Microsoft warns MSMQ may fail after update, breaking apps
MSMQ becoming inactive;Internet Information Services (IIS) sites failing with “Insufficient resources to perform operation” errors;applications unable to write to queues;errors such as “The message file ‘C:\Windows\System32\msmq\storage*.mq’ cannot be created” when creating message files;misleading log entries such as “There is insufficient disk space or memory”, despite sufficient disk space and memory being available.Affected are servers running…
-
Zeroday Cloud hacking event awards $320,0000 for 11 zero days
The Zeroday Cloud hacking competition in London has awarded researchers $320,000 for demonstrating critical remote code execution vulnerabilities in components used in cloud infrastructure. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/zeroday-cloud-hacking-event-awards-320-0000-for-11-zero-days/
-
Chrome Security Update Fixes Remote Code Execution Flaws
Tags: browser, chrome, cyber, flaw, google, linux, remote-code-execution, update, vulnerability, windowsGoogle has released an emergency security update for the Chrome browser, addressing two high-severity vulnerabilities that could enable remote code execution attacks. The stable channel update version 143.0.7499.146/.147 is now rolling out to Windows, Mac, and Linux users.”‹ Critical Vulnerabilities Patched The update fixes two significant security flaws reported by external security researchers. The first…
-
NVIDIA Isaac Lab Flaw Enables Remote Code Execution
NVIDIA has disclosed a critical security vulnerability in Isaac Lab, a component of the NVIDIA Isaac Sim framework, that could allow attackers to execute arbitrary code remotely. The company released security patches in December 2025 to address the deserialization flaw tracked as CVE-2025-32210. CVE ID Description CVSS Score Severity CWE CVE-2025-32210 Deserialization vulnerability in NVIDIA Isaac…
-
Microsoft Outlines Mitigation for React2Shell RCE Vulnerability in React Server Components
Tags: authentication, cve, cvss, cyber, malicious, microsoft, mitigation, rce, remote-code-execution, risk, vulnerabilityMicrosoft has released comprehensive guidance on CVE-2025-55182, a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server Components and the Next.js framework. Assigned a maximum CVSS score of 10.0, this vulnerability enables attackers to execute arbitrary code on vulnerable servers through a single malicious HTTP request, representing an unprecedented risk to modern React-based web…
-
DenialService and Source Code Exposure in React Server Components
In early December 2025, the React core team disclosed two new vulnerabilities affecting React Server Components (RSC). These issues Denial-of-Service and Source Code Exposure were found by security researchers probing the fixes for the previous week’s critical RSC vulnerability, known as “React2Shell”. While these newly discovered bugs do not enable Remote Code Execution, meaning… First…
-
DenialService and Source Code Exposure in React Server Components
In early December 2025, the React core team disclosed two new vulnerabilities affecting React Server Components (RSC). These issues Denial-of-Service and Source Code Exposure were found by security researchers probing the fixes for the previous week’s critical RSC vulnerability, known as “React2Shell”. While these newly discovered bugs do not enable Remote Code Execution, meaning… First…
-
DenialService and Source Code Exposure in React Server Components
In early December 2025, the React core team disclosed two new vulnerabilities affecting React Server Components (RSC). These issues Denial-of-Service and Source Code Exposure were found by security researchers probing the fixes for the previous week’s critical RSC vulnerability, known as “React2Shell”. While these newly discovered bugs do not enable Remote Code Execution, meaning… First…
-
ZnDoor Malware Actively Exploits React2Shell to Breach Network Infrastructure
Tags: attack, breach, crypto, cyber, exploit, infrastructure, malware, network, remote-code-execution, threat, vulnerabilitySince December 2025, security operations centers have identified a rising threat targeting Japanese enterprises through the exploitation of React2Shell (CVE-2025-55182), a critical remote code execution vulnerability affecting React and Next.js applications. While initial attacks primarily deployed cryptocurrency miners, researchers discovered a more dangerous payload a previously unknown malware family designated ZnDoor. Evidence suggests this threat…
-
ZnDoor Malware Actively Exploits React2Shell to Breach Network Infrastructure
Tags: attack, breach, crypto, cyber, exploit, infrastructure, malware, network, remote-code-execution, threat, vulnerabilitySince December 2025, security operations centers have identified a rising threat targeting Japanese enterprises through the exploitation of React2Shell (CVE-2025-55182), a critical remote code execution vulnerability affecting React and Next.js applications. While initial attacks primarily deployed cryptocurrency miners, researchers discovered a more dangerous payload a previously unknown malware family designated ZnDoor. Evidence suggests this threat…
-
FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE
Multiple security vulnerabilities have been disclosed in the open-source private branch exchange (PBX) platform FreePBX, including a critical flaw that could result in an authentication bypass under certain configurations.The shortcomings, discovered by Horizon3.ai and reported to the project maintainers on September 15, 2025, are listed below -CVE-2025-61675 (CVSS score: 8.6) – Numerous First seen on…
-
Researcher Uncovers 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks
Tags: ai, attack, data, flaw, injection, intelligence, rce, remote-code-execution, theft, tool, vulnerabilityOver 30 security vulnerabilities have been disclosed in various artificial intelligence (AI)-powered Integrated Development Environments (IDEs) that combine prompt injection primitives with legitimate features to achieve data exfiltration and remote code execution.The security shortcomings have been collectively named IDEsaster by security researcher Ari Marzouk (MaccariTA), who discovered them First seen on thehackernews.com Jump to article:…
-
Google links more Chinese hacking groups to React2Shell attacks
Over the weekend, Google’s threat intelligence team linked five more Chinese hacking groups to attacks exploiting the maximum-severity “React2Shell” remote code execution vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-links-more-chinese-hacking-groups-to-react2shell-attacks/
-
âš¡ Weekly Recap: Apple 0-Days, WinRAR Exploit, LastPass Fines, .NET RCE, OAuth Scams & More
If you use a smartphone, browse the web, or unzip files on your computer, you are in the crosshairs this week. Hackers are currently exploiting critical flaws in the daily software we all rely on”, and in some cases, they started attacking before a fix was even ready.Below, we list the urgent updates you need…
-
Google links more Chinese hacking groups to React2Shell attacks
Over the weekend, Google’s threat intelligence team linked five more Chinese hacking groups to attacks exploiting the maximum-severity “React2Shell” remote code execution vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-links-more-chinese-hacking-groups-to-react2shell-attacks/
-
Critical pgAdmin Flaw Allows Attackers to Execute Shell Commands on Host
A new critical vulnerability in pgAdmin 4 allows remote attackers to bypass security filters and execute arbitrary shell commands on the host server. The flaw, tracked as CVE-2025-13780, exploits a weakness in how the popular PostgreSQL management tool processes database restoration files. CVE ID CVE-2025-13780 Severity Critical Vulnerability Type Remote Code Execution (RCE) Affected Component…
-
Critical pgAdmin Flaw Allows Attackers to Execute Shell Commands on Host
A new critical vulnerability in pgAdmin 4 allows remote attackers to bypass security filters and execute arbitrary shell commands on the host server. The flaw, tracked as CVE-2025-13780, exploits a weakness in how the popular PostgreSQL management tool processes database restoration files. CVE ID CVE-2025-13780 Severity Critical Vulnerability Type Remote Code Execution (RCE) Affected Component…
-
New “SOAPwn” .NET Flaws Expose Barracuda, Ivanti, and Microsoft Devices to RCE
Security researchers have unveiled a critical series of vulnerabilities in the .NET Framework’s HTTP client proxy architecture, dubbed >>SOAPwn,
-
Hackers exploit unpatched Gogs zero-day to breach 700 servers
An unpatched zero-day vulnerability in Gogs, a popular self-hosted Git service, has enabled attackers to gain remote code execution on Internet-facing instances and compromise hundreds of servers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/unpatched-gogs-zero-day-rce-flaw-actively-exploited-in-attacks/
-
Microsoft Patch Tuesday 2025 Year in Review
Tags: apt, attack, backdoor, cve, cyber, cybercrime, dos, exploit, flaw, malware, microsoft, ransomware, rce, remote-code-execution, service, software, threat, update, vulnerability, zero-dayMicrosoft addressed over 1,100 CVEs as part of Patch Tuesday releases in 2025, including 40 zero-day vulnerabilities. Key takeaways: Microsoft’s 2025 Patch Tuesday releases addressed 1,130 CVEs. This is the second year in a row where the CVE count was over 1,000. Elevation of Privilege vulnerabilities accounted for 38.3% of all Patch Tuesday vulnerabilities in…
-
Microsoft Patch Tuesday 2025 Year in Review
Tags: apt, attack, backdoor, cve, cyber, cybercrime, dos, exploit, flaw, malware, microsoft, ransomware, rce, remote-code-execution, service, software, threat, update, vulnerability, zero-dayMicrosoft addressed over 1,100 CVEs as part of Patch Tuesday releases in 2025, including 40 zero-day vulnerabilities. Key takeaways: Microsoft’s 2025 Patch Tuesday releases addressed 1,130 CVEs. This is the second year in a row where the CVE count was over 1,000. Elevation of Privilege vulnerabilities accounted for 38.3% of all Patch Tuesday vulnerabilities in…
-
Hidden .NET HTTP proxy behavior can open RCE flaws in apps, a security issue Microsoft won’t fix
Tags: api, control, credentials, cve, endpoint, exploit, flaw, framework, ivanti, leak, microsoft, monitoring, ntlm, powershell, programming, rce, remote-code-execution, service, vulnerabilityServiceDescriptionImporter class,” he said. “That mechanism alone enabled successful exploitation in products from Barracuda, Ivanti, Microsoft and Umbraco, and it took only a few days of review to find working cases.” The .NET Framework and ASP.NET are among the most popular programming languages for enterprise applications. When a developer wants their application to communicate with…
-
Microsoft Patch Tuesday 2025 Year in Review
Tags: apt, attack, backdoor, cve, cyber, cybercrime, dos, exploit, flaw, malware, microsoft, ransomware, rce, remote-code-execution, service, software, threat, update, vulnerability, zero-dayMicrosoft addressed over 1,100 CVEs as part of Patch Tuesday releases in 2025, including 40 zero-day vulnerabilities. Key takeaways: Microsoft’s 2025 Patch Tuesday releases addressed 1,130 CVEs. This is the second year in a row where the CVE count was over 1,000. Elevation of Privilege vulnerabilities accounted for 38.3% of all Patch Tuesday vulnerabilities in…
-
.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL
New research has uncovered exploitation primitives in the .NET Framework that could be leveraged against enterprise-grade applications to achieve remote code execution.WatchTowr Labs, which has codenamed the “invalid cast vulnerability” SOAPwn, said the issue impacts Barracuda Service Center RMM, Ivanti Endpoint Manager (EPM), and Umbraco 8. But the number of affected vendors is likely to…
-
News brief: RCE flaws persist as top cybersecurity threat
Check out the latest security news from the Informa TechTarget team. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366636017/News-brief-RCE-flaws-persist-as-top-cybersecurity-threat
-
PeerBlight Linux Malware Abuses React2Shell for Proxy Tunneling
Tags: backdoor, control, cve, cyber, cybersecurity, exploit, linux, malware, network, remote-code-execution, vulnerabilityCybersecurity researchers have uncovered a sophisticated Linux malware campaign exploiting the critical React2Shell vulnerability (CVE-2025-55182) to deploy multiple post-exploitation payloads. A newly identified backdoor dubbed >>PeerBlight