Tag: remote-code-execution
-
Cisco Unified CM Zero-Day RCE Under Attack, CISA Issues Warning
Tags: attack, cisa, cisco, communications, cve, cyber, exploit, flaw, kev, rce, remote-code-execution, service, vulnerability, zero-dayCISA has added CVE-2026-20045, a critical zero-day remote code execution (RCE) vulnerability in Cisco Unified Communications Manager (Unified CM), to its Known Exploited Vulnerabilities (KEV) catalog. Added on January 21, 2026, this flaw affects multiple Cisco Unified Communications products, including Unified CM, Unified CM Session Management Edition (SME), Unified CM IM & Presence Service, Cisco…
-
ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories
Most of this week’s threats didn’t rely on new tricks. They relied on familiar systems behaving exactly as designed, just in the wrong hands. Ordinary files, routine services, and trusted workflows were enough to open doors without forcing them.What stands out is how little friction attackers now need. Some activity focused on quiet reach and…
-
Zoom and GitLab Patch RCE, DoS, and 2FA Bypass Vulnerabilities
Tags: 2fa, business, dos, flaw, gitlab, infrastructure, programming, rce, remote-code-execution, software, update, vulnerabilityBoth platforms serve as backbone infrastructure for remote work and software development, making these flaws particularly dangerous for business continuity. The post Zoom and GitLab Patch RCE, DoS, and 2FA Bypass Vulnerabilities appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-zoom-gitlab-security-flaws-patched/
-
Cisco Unified Communications Zero-Day RCE Flaw Actively Exploited For Root Shell Access
Tags: access, cisco, communications, cve, cyber, exploit, flaw, rce, remote-code-execution, service, vulnerability, zero-dayCisco has warned customers of a critical zero-day vulnerability affecting several of its Unified Communications products, including Cisco Unified Communications Manager (Unified CM), Unified Communications Manager Session Management Edition (Unified CM SME), Unified Communications Manager IM & Presence Service (IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance. Tracked as CVE-2026-20045, the vulnerability carries…
-
RCE flaw in Cisco enterprise communications products probed by attackers (CVE-2026-20045)
Cisco has fixed a critical remote code execution vulnerability (CVE-2026-20045) in some of its unified communications solutions that’s being targeted by attackers in the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/21/cisco-enterprise-communications-cve-2026-20045/
-
Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws
Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service (DoS) and remote code execution.The most severe of the lot is a critical security flaw impacting Zoom Node Multimedia Routers (MMRs) that could permit a meeting participant to conduct remote code execution attacks. The vulnerability, tracked…
-
Critical Zoom Vulnerability Enables Remote Code Execution via Command Injection
A critical command injection vulnerability in Zoom Node Multimedia Routers (MMRs) has been disclosed, potentially allowing meeting participants to execute arbitrary code on vulnerable systems. The flaw affects Zoom Node Meetings Hybrid and Meeting Connector deployments, requiring immediate patching across enterprise environments. Vulnerability Overview Zoom Offensive Security identified a command injection flaw in Zoom Node…
-
Microsoft & Anthropic MCP Servers At Risk of RCE, Cloud Takeovers
Researchers found the popular model context protocol (MCP) servers, which are integral components of AI services, carry serious vulnerabilities. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/microsoft-anthropic-mcp-servers-risk-takeovers
-
Anthropic quietly fixed flaws in its Git MCP server that allowed for remote code execution
Prompt injection for the win First seen on theregister.com Jump to article: www.theregister.com/2026/01/20/anthropic_prompt_injection_flaws/
-
Cisco Secure Email Appliance RCE Exploited in Attacks
Cisco says attackers are actively exploiting CVE-2025-20393, a critical RCE flaw in Secure Email appliances. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cisco-secure-email-appliance-rce-exploited-in-attacks/
-
Cisco Secure Email Appliance RCE Exploited in Attacks
Cisco says attackers are actively exploiting CVE-2025-20393, a critical RCE flaw in Secure Email appliances. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cisco-secure-email-appliance-rce-exploited-in-attacks/
-
Cisco Secure Email Appliance RCE Exploited in Attacks
Cisco says attackers are actively exploiting CVE-2025-20393, a critical RCE flaw in Secure Email appliances. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cisco-secure-email-appliance-rce-exploited-in-attacks/
-
Critical AVEVA Software Flaws Allow Remote Code Execution With SYSTEM Privileges
AVEVA has disclosed seven critical and high-severity vulnerabilities in its Process Optimization software (formerly ROMeo) that could enable attackers to execute remote code with SYSTEM privileges and completely compromise industrial control systems. The security bulletin, published on January 13, 2026, affects AVEVA Process Optimization version 2024.1 and all prior versions. The most severe vulnerability, tracked…
-
Python-Bibliotheken für Hugging-Face-Modelle vergiftet
Tags: ai, apple, cve, exploit, intelligence, malware, ml, network, nvidia, rce, remote-code-execution, tool, vulnerabilityPython-Libraries sind mit manipulierten Metadaten in KI-Modellen infiziert und können beim Laden Schadcode ausgeführen.NeMo, Uni2TS und FlexTok, Python-Bibliotheken für Künstliche Intelligenz (KI) und Machine Learning (ML), die in Hugging-Face-Modellen verwendet werden, haben gravierende Schwächen. Wie Forschende von Palo Alto Networks’ Unit 42 herausgefunden haben, können Kriminelle diese nutzen, um Schadcode in Metadaten zu verstecken. Einmal…
-
JFrog Researchers Uncover RCE Exploit for Existing Redis Database Vulnerability
JFrog this week published an analysis of a vulnerability in Redis databases that may be more serious than initially thought following the discovery of a remote code execution (RCE) exploit. Researchers found that a stack buffer overflow vulnerability in Redis (CVE-2025-62507) can be used to run the XACKDEL command with multiple IDs to trigger a..…
-
Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways
Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686.The vulnerability, tracked as…
-
Flaw in AI Libraries Exposes Models to Remote Code Execution
3 Major Tech Firms Shipped Vulnerable Open-Source Tools to Hugging Face. Researchers discovered remote code execution vulnerabilities in three AI libraries from Apple, Salesforce and Nvidia used by models with tens of millions of Hugging Face downloads, allowing attackers to hide malicious code in model metadata. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/flaw-in-ai-libraries-exposes-models-to-remote-code-execution-a-30519
-
January 2026 Microsoft Patch Tuesday: Actively exploited zero day needs attention
More priorities: Executives should also prioritize rapid patching and risk reduction efforts this month around the Windows Local Security Authority Subsystem Service Remote Code Execution, Windows Graphics Component Elevation of Privilege, and Windows Virtualization Based Security Enclave Elevation of Privilege flaws, Bicer said, as these vulnerabilities directly enable full system or trust boundary compromise.Strategic focus…
-
Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution
Fortinet has released updates to fix a critical security flaw impacting FortiSIEM that could allow an unauthenticated attacker to achieve code execution on susceptible instances.The operating system (OS) injection vulnerability, tracked as CVE-2025-64155, is rated 9.4 out of 10.0 on the CVSS scoring system.”An improper neutralization of special elements used in an OS command (‘OS…
-
FortiOS Vulnerability Allows Remote Code Execution Without Login
Fortinet warns a FortiOS flaw could allow unauthenticated remote code execution, making rapid patching critical. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/fortios-vulnerability-allows-remote-code-execution-without-login/
-
SAP January 2026 Security Patch Day Fixes Critical Injection and RCE Flaws
SAP released 17 new security notes on January 13, 2026, addressing vulnerabilities affecting widely deployed enterprise systems. The patch day includes four critical-severity flaws spanning SQL injection, remote code execution, and code injection attacks that could allow authenticated and unauthenticated threat actors to compromise SAP environments. Critical Vulnerabilities Demand Immediate Attention The most severe vulnerabilities…
-
CISA Flags Actively Exploited Gogs Vulnerability With No Patch
A high-severity security flaw in the Gogs Git service is being actively exploited, leading to remote code execution First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-flags-exploited-gogs-flaw-no/
-
High-severity bug in Broadcom software enables easy WiFi denial-of-service
Tags: access, attack, business, encryption, exploit, firmware, flaw, monitoring, network, remote-code-execution, risk, service, software, vulnerability, wifiChipset-level bugs linger: Researchers said the vulnerability highlights why protocol-stack implementation remains open to serious flaws. “This attack is both easy to execute and highly disruptive, underscoring that even mature and widely deployed network technologies can still yield new and serious attack vectors,” said Saumitra Das, vice president of engineering at Qualys. “Because the attack…
-
CISA orders feds to patch Gogs RCE flaw exploited in zero-day attacks
Tags: attack, cisa, exploit, flaw, government, rce, remote-code-execution, update, vulnerability, zero-dayCISA has ordered government agencies to secure their systems against a high-severity Gogs vulnerability that was exploited in zero-day attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-gogs-rce-flaw-exploited-in-zero-day-attacks/
-
Week in review: PoC for Trend Micro Apex Central RCE released, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Pharma’s most underestimated cyber risk isn’t a breach Chirag Shah, Global … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/11/week-in-review-poc-for-trend-micro-apex-central-rce-released-patch-tuesday-forecast/
-
CISA Urges Emergency Patching for Actively Exploited HPE OneView Flaw
CISA adds a critical HPE OneView flaw (CVE-2025-37164) to its KEV catalogue with a Jan 28 deadline. Learn how this 10.0 RCE bug puts server infrastructure at risk. First seen on hackread.com Jump to article: hackread.com/cisa-emergency-patching-exploit-hpe-oneview-flaw/
-
Trend Micro fixed a remote code execution in Apex Central
Trend Micro fixed three Apex Central flaws discovered by Tenable that could allow remote code execution or denial-of-service attacks. Trend Micro patched three flaws (CVE-2025-69258, CVE-2025-69259, CVE-2025-69260) in its Apex Central management console after Tenable disclosed details and PoC code. The researchers discovered the vulnerabilities in August 2025, which could enable remote code execution or denial-of-service attacks.…
-
Trend Micro Apex Central Flaws Enable Remote Code Execution
Trend Micro patched three Apex Central flaws that could allow unauthenticated remote code execution or service disruption. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/trend-micro-apex-central-flaws-enable-remote-code-execution/