Tag: remote-code-execution
-
Riddled with flaws, serialEthernet converters endanger critical infrastructure
Tags: access, authentication, control, credentials, data, data-breach, exploit, firmware, flaw, infrastructure, malicious, network, open-source, password, rce, remote-code-execution, risk, service, threat, update, vulnerabilityNew RCE and other vulnerabilities: Aside from all the known vulnerabilities from open-source components, the Forescout researchers also performed manual security analysis and identified previously unknown flaws in the firmware of three specific devices from two vendors: Lantronix EDS3000PS Series, Lantronix EDS5000 Series, and Silex SD330-AC.The web-based management interface of the Lantronix EDS5000 had five…
-
Riddled with flaws, serialEthernet converters endanger critical infrastructure
Tags: access, authentication, control, credentials, data, data-breach, exploit, firmware, flaw, infrastructure, malicious, network, open-source, password, rce, remote-code-execution, risk, service, threat, update, vulnerabilityNew RCE and other vulnerabilities: Aside from all the known vulnerabilities from open-source components, the Forescout researchers also performed manual security analysis and identified previously unknown flaws in the firmware of three specific devices from two vendors: Lantronix EDS3000PS Series, Lantronix EDS5000 Series, and Silex SD330-AC.The web-based management interface of the Lantronix EDS5000 had five…
-
You’re Not Watching MCPs. Anthropic’s Vulnerability Shows Why You Should Be.
Tags: access, ai, api, attack, authentication, breach, control, credentials, cve, data, framework, hacker, infrastructure, injection, LLM, remote-code-execution, risk, saas, siem, supply-chain, threat, update, vulnerabilityLast week, researchers at OX Security published findings that should stop every security leader in their tracks. They discovered a critical vulnerability baked directly into Anthropic’s Model Context Protocol SDK, affecting every supported language: Python, TypeScript, Java, and Rust. The result: remote code execution on any system running a vulnerable MCP implementation, with direct access…
-
New Mirai campaign exploits RCE flaw in EoL D-Link routers
A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability affecting D-Link DIR-823X routers, to enlist devices into the botnet. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-mirai-campaign-exploits-rce-flaw-in-eol-d-link-routers/
-
Google Fixes Critical RCE Flaw in AI-Based ‘Antigravity’ Tool
The prompt-injection vulnerability in the agentic AI product for filesystem operations was a sanitization issue that allowed for sandbox escape and arbitrary code execution. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/google-fixes-critical-rce-flaw-ai-based-antigravity-tool
-
Surge in Bomgar RMM Exploitation Demonstrates Supply Chain Risk
The critical remote code execution flaw (CVE-2026-1731) in the remote monitoring and management tool can be exploited to spread ransomware and compromise supply chains. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/surge-bomgar-rmm-exploitation-demonstrates-supply-chain-risk
-
Google Fixes Critical RCE Flaw in AI-Based Antigravity Tool
The prompt injection vulnerability in the agentic AI product for filesystem operations was a sanitization issue that allowed for sandbox escape and arbitrary code execution. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/google-fixes-critical-rce-flaw-ai-based-antigravity-tool
-
Prompt injection turned Google’s Antigravity file search into RCE
Google’s sandbox never got a chance: Antigravity’s Secure Mode, which is designed to restrict network access, prevent out-of-workspace writes, and ensure all command operations run strictly under a sandbox context, could not flag or quarantine this technique. This is because the find_my_name tool is called much before Secure Mode restrictions are evaluated.”The agent treats it…
-
Prompt injection turned Google’s Antigravity file search into RCE
Google’s sandbox never got a chance: Antigravity’s Secure Mode, which is designed to restrict network access, prevent out-of-workspace writes, and ensure all command operations run strictly under a sandbox context, could not flag or quarantine this technique. This is because the find_my_name tool is called much before Secure Mode restrictions are evaluated.”The agent treats it…
-
Prompt injection turned Google’s Antigravity file search into RCE
Google’s sandbox never got a chance: Antigravity’s Secure Mode, which is designed to restrict network access, prevent out-of-workspace writes, and ensure all command operations run strictly under a sandbox context, could not flag or quarantine this technique. This is because the find_my_name tool is called much before Secure Mode restrictions are evaluated.”The agent treats it…
-
Prompt injection turned Google’s Antigravity file search into RCE
Google’s sandbox never got a chance: Antigravity’s Secure Mode, which is designed to restrict network access, prevent out-of-workspace writes, and ensure all command operations run strictly under a sandbox context, could not flag or quarantine this technique. This is because the find_my_name tool is called much before Secure Mode restrictions are evaluated.”The agent treats it…
-
Apache Syncope RCE Vulnerability Detailed After Public Exploit Code Release
Tags: apache, cve, cvss, cyber, exploit, flaw, government, identity, open-source, rce, remote-code-execution, vulnerabilitySecurity researchers have released full technical details and a working proof-of-concept (PoC) exploit for CVE-2025-57738, a high-severity remote code execution (RCE) vulnerability in Apache Syncope, a widely deployed open-source identity management platform used across enterprise and government environments. Tracked as CVE-2025-57738 with a CVSS score of 7.2 (HIGH), the flaw exists in how Apache Syncope…
-
Malicious GGUF Models Could Trigger Remote Code Execution on SGLang Servers
Security researchers have uncovered a critical vulnerability in SGLang, a widely used framework for running large language models, that allows threat actors to compromise inference servers. Tracked as CVE-2026-5760, this flaw enables Remote Code Execution (RCE) when a server loads a maliciously crafted GGUF model file. By simply hosting a weaponized model on platforms like…
-
Remote Code Execution und Evelation of Privilege – CISA warnt vor Angriffen auf Microsoft Exchange und Windows CLFS
First seen on security-insider.de Jump to article: www.security-insider.de/aktive-angriffe-exchange-windows-clfs-schwachstellen-patchen-a-18e96c176dc7a26db31fdca756f24673/
-
Vuln in Google’s Antigravity AI agent manager could escape sandbox, give attackers remote code execution
Google’s highest security setting for its agents runs command operations through a sandbox and throttles network access, but is still vulnerable to prompt injection. First seen on cyberscoop.com Jump to article: cyberscoop.com/google-antigravity-pillar-security-agent-sandbox-escape-remote-code-execution/
-
SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files
Tags: cve, cvss, exploit, injection, malicious, open-source, rce, remote-code-execution, vulnerabilityA critical security vulnerability has been disclosed in SGLang that, if successfully exploited, could result in remote code execution on susceptible systems.The vulnerability, tracked as CVE-2026-5760, carries a CVSS score of 9.8 out of 10.0. It has been described as a case of command injection leading to the execution of arbitrary code.SGLang is a high-performance,…
-
Anthropic MCP Hit by Critical Vulnerability Enabling Remote Code Execution
A critical, systemic vulnerability discovered in Anthropic’s Model Context Protocol (MCP) has exposed over 150 million downloads and up to 200,000 servers to complete takeover, according to research published April 15, 2026, by the OX Security Research team. The flaw enables Arbitrary Remote Code Execution (RCE) on any system running a vulnerable MCP implementation, allowing…
-
52M-Download protobuf.js Library Hit by RCE in Schema Handling
Critical RCE flaw in protobuf.js lets attackers execute code via malicious schemas. Learn who is at risk, affected versions, and how to fix it. First seen on hackread.com Jump to article: hackread.com/52m-download-protobuf-js-library-rce-schema-handle/
-
Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain
Tags: access, ai, cybersecurity, flaw, intelligence, rce, remote-code-execution, supply-chain, vulnerabilityCybersecurity researchers have discovered a critical “by design” weakness in the Model Context Protocol’s (MCP) architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence (AI) supply chain.”This flaw enables Arbitrary Command Execution (RCE) on any system running a vulnerable MCP implementation, granting attackers direct access…
-
Marimo Pre-Auth RCE via Unauthenticated WebSocket Terminal (CVE-2026-39987)
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/marimo-pre-auth-rce-via-unauthenticated-websocket-terminal-cve-2026-39987
-
Spring AI SpEL Injection: From Vector Search to Remote Code Execution (CVE-2026-22738)
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/spring-ai-spel-injection-from-vector-search-to-remote-code-execution-cve-2026-22738
-
ShowDoc Vulnerability Patched in 2020 Now Used in Active Server Takeovers
Hackers are exploiting a 5-year-old ShowDoc vulnerability (CVE-2025-0520) to deploy web shells, enabling RCE and full server takeover worldwide. First seen on hackread.com Jump to article: hackread.com/showdoc-vulnerability-patch-2020-server-takeover/
-
ShowDoc Vulnerability Patched in 2020 Now Used in Active Server Takeovers
Hackers are exploiting a 5-year-old ShowDoc vulnerability (CVE-2025-0520) to deploy web shells, enabling RCE and full server takeover worldwide. First seen on hackread.com Jump to article: hackread.com/showdoc-vulnerability-patch-2020-server-takeover/
-
Critical flaw in Protobuf library enables JavaScript code execution
Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google’s Protocol Buffers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-flaw-in-protobuf-library-enables-javascript-code-execution/
-
Critical sandbox bypass fixed in popular Thymeleaf Java template engine
new keyword followed by an ASCII space, T (Spring Expression Language type references) and @ (SpEL bean references in some code paths). However, the check only looked for ASCII space 0x20 characters, but the SpEL’s parser also accepts tab (0x09), newline (0x0A), and other control characters between new and the class name.Another policy blocked classes…
-
Critical sandbox bypass fixed in popular Thymeleaf Java template engine
new keyword followed by an ASCII space, T (Spring Expression Language type references) and @ (SpEL bean references in some code paths). However, the check only looked for ASCII space 0x20 characters, but the SpEL’s parser also accepts tab (0x09), newline (0x0A), and other control characters between new and the class name.Another policy blocked classes…
-
CVE-2026-34197: Apache ActiveMQ Jolokia RCE Vulnerability
CVE-2026-34197: ActiveMQ Jolokia flaw enables authenticated RCE, exposing sensitive data, credentials, and integrated systems across enterprise environments. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/cve-2026-34197-apache-activemq-jolokia-rce-vulnerability/
-
Weaponized CVE-2026-39987 Pushes Blockchain Backdoor Through Hugging Face
Tags: backdoor, blockchain, credentials, cve, cyber, exploit, infection, rce, remote-code-execution, theftAttackers are rapidly exploiting CVE-2026-39987 in the marimo Python notebook platform to deploy a new NKAbuse backdoor variant hosted on Hugging Face Spaces, turning AI/ML developer environments into high”‘value infection points. The campaign combines pre-auth RCE, credential theft, lateral movement to PostgreSQL and Redis, and a blockchain-based C2 channel that is difficult to monitor or…
-
Beating the Mythos clock: Using Tenable Hexa AI custom agents for automated patching
Tags: ai, business, cvss, cyberattack, data, exploit, LLM, mitigation, network, remote-code-execution, risk, strategy, supply-chain, threat, tool, update, vulnerability, vulnerability-managementSee how Tenable Hexa AI custom agents empower you to counter machine-speed threats by automating vulnerability remediation. Learn how the Model Context Protocol (MCP) automates execution of risk-driven patching workflows, shifting your strategy from reactive tracking to continuous exposure management. Key takeaways Even in previews, powerful AI models like Claude Mythos show us how quickly…
-
RCE by design: MCP architectural choice haunts AI agent ecosystem
sh, bash, powershell, curl, rm, and other high-risk binaries, they added.The core issue is that there’s currently no check in place to verify that a STDIO command is intended to initialize an MCP server rather than perform a malicious task. Furthermore, the researchers observed that even if the sent command fails to start the server,…