Tag: remote-code-execution
-
Breach Roundup: US Cyber Command Flags Election Threats
Also, HexDex Arrest, Black Axe Crackdown, LeRobot RCE Flaw. This week, election threats resurfaced. A prolific hacker arrested. Black Axe network disrupted. China-linked disinformation targets Tibet. Exploited ScreenConnect and Windows flaws raise alarms. Minecraft gamers hit with stealer malware. A critical AI framework bug enables remote code execution. First seen on govinfosecurity.com Jump to article:…
-
Google’s fix for critical Gemini CLI bug might break your CI/CD pipelines
This CVSS 10.0 RCE vuln has been patched, automatically for some, so better check those workflows First seen on theregister.com Jump to article: www.theregister.com/2026/04/30/googles_fix_for_critical_gemini/
-
Max-severity RCE flaw found in Google Gemini CLI
The behavior is now fixed: Google has addressed the issue by removing implicit workspace trust in headless environments and enforcing stricter tool controls, effectively changing how Gemini CLI behaves in CI/CD pipelines.The patched versions (0.39.1 and 0.40.0-preview.3) now require explicit trust decisions before loading workspace configurations, aligning non-interactive execution with the same safeguards expected in…
-
PoC Disclosed for Critical Root ASUSTOR ADM RCE Flaw
A critical vulnerability, tracked as CVE-2026-6644, has been uncovered in ASUSTOR’s ADM (ASUSTOR Data Master) operating system. Specifically, the flaw exists within the PPTP VPN Client feature. Carrying a CVSS v4.0 score of 9.4, this OS command injection vulnerability allows an authenticated administrator to execute arbitrary commands with root privileges. ASUSTOR has since addressed the…
-
Qinglong Task Scheduler RCE Flaws Exploited in the Wild
Tags: authentication, cyber, exploit, flaw, hacker, malware, open-source, rce, remote-code-execution, vulnerabilityHackers are actively exploiting two severe authentication bypass vulnerabilities in Qinglong, a popular open-source task scheduling platform. These flaws allow attackers to execute arbitrary code and deploy resource-draining cryptomining malware on vulnerable servers. Qinglong is a self-hosted task management platform used by developers to automate background tasks using Python, JavaScript, Shell, and TypeScript scripts. With…
-
Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution
Google has addressed a maximum severity security flaw in Gemini CLI — the “@google/gemini-cli” npm package and the “google-github-actions/run-gemini-cli” GitHub Actions workflow — that could have allowed attackers to execute arbitrary commands on host systems.”The vulnerability allowed an unprivileged external attacker to force their own malicious content to load as Gemini configuration,” First seen on…
-
ProFTPD SQL Injection Flaw Opens Door To Remote Code Execution Attacks
A newly disclosed flaw in ProFTPD is drawing urgent attention because it can let attackers move from a simple SQL injection bug to authentication bypass, privilege escalation, and in some environments even remote code execution. Tracked as CVE-2026-42167, the issue was found in ProFTPD’s mod_sql extension by ZeroPath Research, and MITRE assigned it a CVSS…
-
Hackers exploit RCE flaws in Qinglong task scheduler for cryptomining
Tags: authentication, exploit, flaw, hacker, open-source, rce, remote-code-execution, tool, vulnerabilityHackers are exploiting two authentication bypass vulnerabilities in the Qinglong open-source task scheduling tool to deploy cryptominers on developers’ servers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-rce-flaws-in-qinglong-task-scheduler-for-cryptomining/
-
GitHub Flaw Enables Remote Code Execution With a Single Git Push
A GitHub flaw (CVE-2026-3854) enabled backend code execution via a single git push, risking exposure of repositories and secrets. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/github-flaw-enables-remote-code-execution-with-a-single-git-push/
-
GitHub Flaw Enables Remote Code Execution With a Single Git Push
A GitHub flaw (CVE-2026-3854) enabled backend code execution via a single git push, risking exposure of repositories and secrets. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/github-flaw-enables-remote-code-execution-with-a-single-git-push/
-
GitHub Flaw Enables Remote Code Execution With a Single Git Push
A GitHub flaw (CVE-2026-3854) enabled backend code execution via a single git push, risking exposure of repositories and secrets. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/github-flaw-enables-remote-code-execution-with-a-single-git-push/
-
AI Finds 38 Security Flaws in Electronic Health Record Platform
Flaws in OpenEMR’s platform, used by more than 100,000 healthcare providers, enabled database compromise, remote code execution, and data theft. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/ai-finds-38-security-flaws-openemr
-
88% of self-hosted GitHub servers exposed to RCE, researchers warn (CVE-2026-3854)
When researchers at Wiz reported an easily exploitable GitHub remote code execution flaw (CVE-2026-3854) on March 4, the company confirmed it within 40 minutes and pushed a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/29/cve-2026-3854-github-rce-vulnerability/
-
GitHub fixes RCE flaw that gave access to millions of private repos
In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed attackers to access millions of private repositories. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-fixes-rce-flaw-that-gave-access-to-millions-of-private-repos/
-
GitHub fixes RCE flaw that gave access to millions of private repos
In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed attackers to access millions of private repositories. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-fixes-rce-flaw-that-gave-access-to-millions-of-private-repos/
-
GitHub fixes RCE flaw that gave access to millions of private repos
In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed attackers to access millions of private repositories. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-fixes-rce-flaw-that-gave-access-to-millions-of-private-repos/
-
GitHub fixes RCE flaw that gave access to millions of private repos
In early March, GitHub patched a critical remote code execution vulnerability (CVE-2026-3854) that could have allowed attackers to access millions of private repositories. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-fixes-rce-flaw-that-gave-access-to-millions-of-private-repos/
-
Critical GitHub RCE bug exposed millions of repositories
Full compromise across tenants: In its analysis, Wiz detailed how the issue could be escalated from initial command execution to full remote code execution on affected systems.”On GitHub.com, this vulnerability allowed remote code execution on shared storage nodes. We confirmed that millions of public and private repositories belonging to other users and organizations were accessible…
-
Critical GitHub RCE bug exposed millions of repositories
Full compromise across tenants: In its analysis, Wiz detailed how the issue could be escalated from initial command execution to full remote code execution on affected systems.”On GitHub.com, this vulnerability allowed remote code execution on shared storage nodes. We confirmed that millions of public and private repositories belonging to other users and organizations were accessible…
-
GitHub Fixes Critical RCE Bug CVE-2026-3854 Within Hours of Discovery
Tags: cloud, cve, cvss, cybersecurity, flaw, github, infrastructure, rce, remote-code-execution, vulnerabilityCybersecurity researchers have revealed critical details about a newly identified RCE vulnerability, tracked as CVE-2026-3854, affecting both GitHub’s cloud infrastructure and GitHub Enterprise Server deployments. The flaw, which carries a high CVSS score of 8.7, could allow an authenticated user to execute arbitrary code on affected systems with a single crafted First seen on thecyberexpress.com…
-
GitHub.com and Enterprise Server Vulnerability Allows Remote Code Execution
Wiz Research has identified a critical remote code execution (RCE) vulnerability, tracked as CVE-2026-3854, deeply embedded within GitHub’s internal git infrastructure. This high-severity flaw enabled any authenticated user to execute arbitrary commands on backend servers using a single standard git push command. The vulnerability originates from an improper neutralization of special elements during repository push operations. GitHub’s…
-
CVE-2026-3854 GitHub flaw enables remote code execution
Critical GitHub flaw CVE-2026-3854 lets attackers run code with a single git push, exploiting a command injection bug. Researchers found a critical vulnerability in GitHub, tracked as CVE-2026-3854, that allows remote code execution through a simple git push. The vulnerability affects GitHub Enterprise Cloud, GitHub Enterprise Cloud with Data Residency, GitHub Enterprise Cloud with Enterprise…
-
Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push
Tags: access, cve, cybersecurity, flaw, github, injection, rce, remote-code-execution, vulnerabilityCybersecurity researchers have disclosed details of a critical security vulnerability impacting GitHub.com and GitHub Enterprise Server that could allow an authenticated user to obtain remote code execution with a single “git push” command.The flaw, tracked as CVE-2026-3854 (CVSS score: 8.7), is a case of command injection that could allow an attacker with push access to…
-
Hugging Face LeRobot Flaw Opens Door to Remote Code Execution Attacks
A critical remote code execution (RCE) vulnerability has been uncovered in Hugging Face’s LeRobot, a popular open-source robotics machine learning framework. Tracked as CVE-2026-25874, the flaw carries a maximum CVSS severity score of 9.8 and allows unauthenticated attackers to execute arbitrary system commands on affected servers. With over 21,500 stars on GitHub, LeRobot’s widespread adoption…
-
Critical Cursor bug could turn routine Git into RCE
Tags: ai, attack, cvss, flaw, malicious, nvd, penetration-testing, phishing, rce, remote-code-executionExpanded attack surface with agentic IDEs: Novee warned that while traditional IDEs are passive, doing what developers explicitly tell them to do, Cursor’s AI agent interprets intent and autonomously decides which commands to run, which includes Git operations. And that’s where the problem lies.”In traditional pentesting, ‘client-side’ attacks targeting developer machines have always been a…
-
Critical Unpatched Flaw Leaves Hugging Face LeRobot Open to Unauthenticated RCE
Tags: cve, cybersecurity, data, exploit, flaw, github, open-source, rce, remote-code-execution, vulnerabilityCybersecurity researchers have disclosed details of a critical security flaw impacting LeRobot, Hugging Face’s open-source robotics platform with nearly 24,000 GitHub stars, that could be exploited to achieve remote code execution.The vulnerability in question is CVE-2026-25874 (CVSS score: 9.3), which has been described as a case of untrusted data deserialization stemming from the use of…
-
CVE-2026-25874: Hugging Face LeRobot Unauthenticated RCE via Pickle Deserialization
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/cve-2026-25874-hugging-face-lerobot-unauthenticated-rce-via-pickle-deserialization
-
Unberechtigte Lese- und Schreibrechte – Kritische RCE-Schwachstelle verbreitet sich über Microsoft-GitHub-Repository
First seen on security-insider.de Jump to article: www.security-insider.de/kritische-github-action-luecke-windows-driver-samples-a-58810c5cd389118ac89a7a953f688c5c/
-
Critical Gemini CLI Flaw Raises Supply Chain Security Concerns
Google has rolled out urgent security updates for its Gemini CLI and the accompanying GitHub Action to address a critical vulnerability. Tracked as GHSA-wpqr-6v78-jr5g, this flaw exposes continuous integration and continuous deployment (CI/CD) pipelines to Remote Code Execution (RCE) attacks. Improper handling of workspace trust and tool allowlisting allows malicious actors to compromise automated workflows,…
-
Metabase Enterprise RCE Flaw Now Has Public ProofConcept Exploit
Security researchers have published a working Proof of Concept (PoC) exploit for a critical vulnerability in Metabase Enterprise. Tracked as CVE-2026-33725, this security flaw allows attackers to achieve Remote Code Execution (RCE) and read arbitrary files on targeted systems. The availability of a public exploit script significantly increases the risk for organizations running unpatched instances…