Tag: remote-code-execution
-
4.3M Users Exposed in ShadyPanda’s Long-Running Browser Hack
ShadyPanda spent years hiding inside Google-verified extensions before unleashing an RCE backdoor that compromised 4.3 million users. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/4-3m-users-exposed-in-shadypandas-long-running-browser-hack/
-
Schwachstelle für Malware-Verteilung genutzt – Notfall-Update für kritische RCE-Sicherheitslücke in WSUS
First seen on security-insider.de Jump to article: www.security-insider.de/microsoft-notfall-patch-kritische-wsus-sicherheitsluecke-a-d338bab93ebc2563e1999cae18f17e00/
-
âš¡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More
Hackers aren’t kicking down the door anymore. They just use the same tools we use every day, code packages, cloud accounts, email, chat, phones, and “trusted” partners, and turn them against us.One bad download can leak your keys. One weak vendor can expose many customers at once. One guest invite, one link on a phone,…
-
PoC Released for Outlook “MonikerLink” RCE Flaw Allowing Remote Code Execution
Security researchers have released a proof-of-concept (PoC) exploit for CVE-2024-21413, a critical remote code execution vulnerability in Microsoft Outlook dubbed >>MonikerLink.
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 73
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Analysis of ShadowPad Attack Exploiting WSUS Remote Code Execution Vulnerability (CVE-2025-59287) Shai-Hulud 2.0 Supply Chain Attack: 25K+ npm Repos Exposed Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications Morphisec Thwarts Russian-Linked…
-
Microsofts Update Health Tools (KB4023057) war per RCE angreifbar
Die Microsofts Update Health Tools (KB4023057) Deutsch “Integritätstools Windows Update Service-Komponenten” war in der Version 1.0 angreifbar und ermöglichte Remote Code Execution-Angriffe. In der Version 1.1 sind zumindest Systeme für den EU-Bereich geschützt, wenn ich es richtig interpretiere. … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/30/microsofts-update-health-tools-kb4023057-war-per-rce-angreifbar/
-
Windows-Schwachstelle CVE-2025-59287 wird für ShadowPad-Malware-Verteilung per WSUS genutzt
In Windows Server gab es eine mit einem CVSS Score von 9.8 bewertete kritische RCE-Schwachstelle CVE-2025-59287 im WSUS-Teil, mit dem sich die Systeme übernehmen lassen. Die Schwachstelle wurde im Oktober 2025 mit Sicherheitsupdates geschlossen. Nun gibt es Berichte, dass Angreifer … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/28/windows-schwachstelle-cve-2025-59287-wird-fuer-shadowpad-malware-verteilung-per-wsus-genutzt/
-
Critical vLLM Flaw Puts AI Systems at Risk of Remote Code Execution
A critical flaw in vLLM allows attackers to crash AI servers or execute code remotely by sending malicious prompt embeddings to the Completions API. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/artificial-intelligence/critical-vllm-flaw-puts-ai-systems-at-risk-of-remote-code-execution/
-
Critical Fluent Bit Vulnerabilities Allow Remote Attacks on Cloud Environments
Tags: attack, authentication, cloud, container, cyber, open-source, remote-code-execution, risk, vulnerabilityFive newly discovered critical vulnerabilities in Fluent Bit, the open-source log processor embedded in billions of containers, are sending shockwaves through the cloud security community. Oligo Security’s research uncovers attack chains that enable adversaries to bypass authentication, perform path traversal, hijack tags, and even achieve remote code execution all of which risk the very foundation…
-
Fluent Bit vulnerabilities could enable full cloud takeover
Tags: backdoor, cloud, computing, container, cve, docker, flaw, malicious, open-source, remote-code-execution, vulnerabilityFile writes, container overflow, and full agent takeover: Oligo also disclosed a chain of remote code execution (RCE) and path traversal vulnerabilities affecting the tool. CVE-2025-12972 targets the “out_file” output plugin. When Tag values are user-controlled, and no fixed File parameter is set, attackers can abuse the Tag value (e.g.,”../”) to cause path-traversal file writes…
-
Fluent Bit vulnerabilities could enable full cloud takeover
Tags: backdoor, cloud, computing, container, cve, docker, flaw, malicious, open-source, remote-code-execution, vulnerabilityFile writes, container overflow, and full agent takeover: Oligo also disclosed a chain of remote code execution (RCE) and path traversal vulnerabilities affecting the tool. CVE-2025-12972 targets the “out_file” output plugin. When Tag values are user-controlled, and no fixed File parameter is set, attackers can abuse the Tag value (e.g.,”../”) to cause path-traversal file writes…
-
Fluent Bit vulnerabilities could enable full cloud takeover
Tags: backdoor, cloud, computing, container, cve, docker, flaw, malicious, open-source, remote-code-execution, vulnerabilityFile writes, container overflow, and full agent takeover: Oligo also disclosed a chain of remote code execution (RCE) and path traversal vulnerabilities affecting the tool. CVE-2025-12972 targets the “out_file” output plugin. When Tag values are user-controlled, and no fixed File parameter is set, attackers can abuse the Tag value (e.g.,”../”) to cause path-traversal file writes…
-
Fluent Bit vulnerabilities could enable full cloud takeover
Tags: backdoor, cloud, computing, container, cve, docker, flaw, malicious, open-source, remote-code-execution, vulnerabilityFile writes, container overflow, and full agent takeover: Oligo also disclosed a chain of remote code execution (RCE) and path traversal vulnerabilities affecting the tool. CVE-2025-12972 targets the “out_file” output plugin. When Tag values are user-controlled, and no fixed File parameter is set, attackers can abuse the Tag value (e.g.,”../”) to cause path-traversal file writes…
-
Critical Fluent Bit Vulnerabilities Allow Remote Attacks on Cloud Environments
Tags: attack, authentication, cloud, container, cyber, open-source, remote-code-execution, risk, vulnerabilityFive newly discovered critical vulnerabilities in Fluent Bit, the open-source log processor embedded in billions of containers, are sending shockwaves through the cloud security community. Oligo Security’s research uncovers attack chains that enable adversaries to bypass authentication, perform path traversal, hijack tags, and even achieve remote code execution all of which risk the very foundation…
-
Critical Fluent Bit Vulnerabilities Allow Remote Attacks on Cloud Environments
Tags: attack, authentication, cloud, container, cyber, open-source, remote-code-execution, risk, vulnerabilityFive newly discovered critical vulnerabilities in Fluent Bit, the open-source log processor embedded in billions of containers, are sending shockwaves through the cloud security community. Oligo Security’s research uncovers attack chains that enable adversaries to bypass authentication, perform path traversal, hijack tags, and even achieve remote code execution all of which risk the very foundation…
-
Critical Fluent Bit Vulnerabilities Allow Remote Attacks on Cloud Environments
Tags: attack, authentication, cloud, container, cyber, open-source, remote-code-execution, risk, vulnerabilityFive newly discovered critical vulnerabilities in Fluent Bit, the open-source log processor embedded in billions of containers, are sending shockwaves through the cloud security community. Oligo Security’s research uncovers attack chains that enable adversaries to bypass authentication, perform path traversal, hijack tags, and even achieve remote code execution all of which risk the very foundation…
-
New Fluent Bit Flaws Expose Cloud to RCE and Stealthy Infrastructure Intrusions
Cybersecurity researchers have discovered five vulnerabilities in Fluent Bit, an open-source and lightweight telemetry agent, that could be chained to compromise and take over cloud infrastructures.The security defects “allow attackers to bypass authentication, perform path traversal, achieve remote code execution, cause denial-of-service conditions, and manipulate tags,” Oligo Security said in First seen on thehackernews.com Jump…
-
Attackers deliver ShadowPad via newly patched WSUS RCE bug
Attackers exploited a patched WSUS flaw (CVE-2025-59287) to gain access, use PowerCat for a shell, and deploy the ShadowPad malware. AhnLab SEcurity intelligence Center (ASEC) researchers reported that threat actors exploited a recently patched WSUS flaw (CVE-2025-59287) to deliver the ShadowPad malware. ShadowPad is a backdoor widely used by China-linked APT groups and privately sold…
-
Attackers deliver ShadowPad via newly patched WSUS RCE bug
Attackers exploited a patched WSUS flaw (CVE-2025-59287) to gain access, use PowerCat for a shell, and deploy the ShadowPad malware. AhnLab SEcurity intelligence Center (ASEC) researchers reported that threat actors exploited a recently patched WSUS flaw (CVE-2025-59287) to deliver the ShadowPad malware. ShadowPad is a backdoor widely used by China-linked APT groups and privately sold…
-
Attackers deliver ShadowPad via newly patched WSUS RCE bug
Attackers exploited a patched WSUS flaw (CVE-2025-59287) to gain access, use PowerCat for a shell, and deploy the ShadowPad malware. AhnLab SEcurity intelligence Center (ASEC) researchers reported that threat actors exploited a recently patched WSUS flaw (CVE-2025-59287) to deliver the ShadowPad malware. ShadowPad is a backdoor widely used by China-linked APT groups and privately sold…
-
Attackers deliver ShadowPad via newly patched WSUS RCE bug
Attackers exploited a patched WSUS flaw (CVE-2025-59287) to gain access, use PowerCat for a shell, and deploy the ShadowPad malware. AhnLab SEcurity intelligence Center (ASEC) researchers reported that threat actors exploited a recently patched WSUS flaw (CVE-2025-59287) to deliver the ShadowPad malware. ShadowPad is a backdoor widely used by China-linked APT groups and privately sold…
-
Oracle OIM zero”‘day: Pre”‘auth RCE forces rapid patching across enterprises
Tags: advisory, authentication, cyber, exploit, flaw, oracle, rce, remote-code-execution, sans, technology, update, vulnerabilityThe patching urgency: In its CPU advisory, Oracle addressed this flaw along with hundreds of others across its portfolio. Researchers call it a common Java filter flaw, which makes it a known territory for attackers.”The vulnerability our team discovered follows a familiar pattern in Java: filters designed to restrict authentication often contain easy-to-exploit authentication bypass…
-
Oracle OIM zero”‘day: Pre”‘auth RCE forces rapid patching across enterprises
Tags: advisory, authentication, cyber, exploit, flaw, oracle, rce, remote-code-execution, sans, technology, update, vulnerabilityThe patching urgency: In its CPU advisory, Oracle addressed this flaw along with hundreds of others across its portfolio. Researchers call it a common Java filter flaw, which makes it a known territory for attackers.”The vulnerability our team discovered follows a familiar pattern in Java: filters designed to restrict authentication often contain easy-to-exploit authentication bypass…
-
Oracle OIM zero”‘day: Pre”‘auth RCE forces rapid patching across enterprises
Tags: advisory, authentication, cyber, exploit, flaw, oracle, rce, remote-code-execution, sans, technology, update, vulnerabilityThe patching urgency: In its CPU advisory, Oracle addressed this flaw along with hundreds of others across its portfolio. Researchers call it a common Java filter flaw, which makes it a known territory for attackers.”The vulnerability our team discovered follows a familiar pattern in Java: filters designed to restrict authentication often contain easy-to-exploit authentication bypass…
-
Oracle OIM zero”‘day: Pre”‘auth RCE forces rapid patching across enterprises
Tags: advisory, authentication, cyber, exploit, flaw, oracle, rce, remote-code-execution, sans, technology, update, vulnerabilityThe patching urgency: In its CPU advisory, Oracle addressed this flaw along with hundreds of others across its portfolio. Researchers call it a common Java filter flaw, which makes it a known territory for attackers.”The vulnerability our team discovered follows a familiar pattern in Java: filters designed to restrict authentication often contain easy-to-exploit authentication bypass…
-
PoC Published for W3 Total Cache Flaw Exposing 1M+ Sites to RCE
Security researchers have published a proof-of-concept exploit for a critical remote code execution vulnerability in W3 Total Cache, one of WordPress’s most popular caching plugins with over one million active installations. The flaw, tracked as CVE-2025-9501, allows attackers to execute arbitrary code on vulnerable websites under specific conditions. Field Details CVE ID CVE-2025-9501 Affected Product…
-
PoC Published for W3 Total Cache Flaw Exposing 1M+ Sites to RCE
Security researchers have published a proof-of-concept exploit for a critical remote code execution vulnerability in W3 Total Cache, one of WordPress’s most popular caching plugins with over one million active installations. The flaw, tracked as CVE-2025-9501, allows attackers to execute arbitrary code on vulnerable websites under specific conditions. Field Details CVE ID CVE-2025-9501 Affected Product…
-
vLLM Flaw Allows Remote Code Execution Through Malicious Payloads
A high security vulnerability has been discovered in vLLM, a widely used high-throughput inference and serving engine for Large Language Models. The flaw, identified as CVE-2025-62164, enables attackers to execute arbitrary code remotely through maliciously crafted payloads sent to the Completions API endpoint. Attribute Details CVE ID CVE-2025-62164 Severity High CVSS Score 8.8/10 Affected Product vLLM…
-
vLLM Flaw Allows Remote Code Execution Through Malicious Payloads
A high security vulnerability has been discovered in vLLM, a widely used high-throughput inference and serving engine for Large Language Models. The flaw, identified as CVE-2025-62164, enables attackers to execute arbitrary code remotely through maliciously crafted payloads sent to the Completions API endpoint. Attribute Details CVE ID CVE-2025-62164 Severity High CVSS Score 8.8/10 Affected Product vLLM…
-
vLLM Flaw Allows Remote Code Execution Through Malicious Payloads
A high security vulnerability has been discovered in vLLM, a widely used high-throughput inference and serving engine for Large Language Models. The flaw, identified as CVE-2025-62164, enables attackers to execute arbitrary code remotely through maliciously crafted payloads sent to the Completions API endpoint. Attribute Details CVE ID CVE-2025-62164 Severity High CVSS Score 8.8/10 Affected Product vLLM…