Tag: remote-code-execution
-
Beware of Fake Error Pages Deploying Platform-Specific Malware on Linux and Windows Systems
Tags: cloud, crypto, cyber, data-breach, exploit, infrastructure, linux, malware, remote-code-execution, scam, service, windowsWiz Research has uncovered an active cryptomining campaign, dubbed Soco404, that exploits misconfigurations in PostgreSQL databases and other cloud services to deploy platform-specific malware on both Linux and Windows systems. This operation, part of a broader crypto-scam infrastructure, leverages opportunistic scanning for exposed services, abusing features like PostgreSQL’s COPY FROM PROGRAM for remote code execution…
-
Multiple Hacker Groups Exploit SharePoint 0-Day Vulnerability in the Wild
Tags: cve, cyber, cybercrime, exploit, flaw, group, hacker, microsoft, remote-code-execution, threat, vulnerability, zero-dayMicrosoft has confirmed that a pair of zero-day vulnerabilities in on-premises SharePoint Server, collectively dubbed ToolShell, are under active exploitation by diverse threat actors ranging from opportunistic cybercriminals to sophisticated nation-state advanced persistent threat (APT) groups. ToolShell encompasses CVE-2025-53770, a critical remote code execution (RCE) flaw allowing unauthenticated attackers to execute arbitrary code on vulnerable…
-
Weidmueller Industrial Routers Exposed to Remote Code Execution Flaws
Multiple high-severity security vulnerabilities have been discovered in Weidmueller Industrial Routers, potentially allowing attackers to execute arbitrary code with root privileges on affected devices. The German industrial automation company has released security patches to address five critical flaws affecting its IE-SR-2TX router series. Critical Security Advisory Details The vulnerabilities, tracked under advisory VDE-2025-052, were first…
-
Fixed Ivanti Bugs Still Haunt Japan Orgs 6 Months Later
Chinese threat actors have been feeding off the same Ivanti RCE vulnerabilities we’ve known about since last year, partly thanks to complications in patching. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/fixed-ivanti-bugs-japan-orgs-6-months-later
-
Handlungsempfehlungen und Indicators of Compromise zur Sharepoint-Sicherheitslücke Toolshell von Bitdefender
Die Experten von Bitdefender bestätigen, dass Hacker aktiv die Remote-Code-Execution-(RCE) Schwachstelle , CVE-2025-53770, ausnutzen. Die Sicherheitsexperten beobachteten Angriffe in zahlreichen Ländern darunter in Deutschland, Schweiz und Österreich sowie in den Niederlanden, den Vereinigten Staaten, Kanada, Mexiko, Südafrika und Jordanien. Bitdefender hat in einer ersten technischen Analyse Anzeichen für diese Attacken IoCs (Indicators of […] First…
-
Chinese cyber spies among those linked to SharePoint attacks
Exploitation of the ToolShell RCE zero-day in Microsoft SharePoint continues to gather pace, with evidence emerging of exploitation by nation state-backed threat actors First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366627767/Chinese-cyber-spies-among-those-linked-to-SharePoint-attacks
-
Prettier-ESLint npm packages hijacked in a sophisticated supply chain attack
Tags: attack, authentication, credentials, detection, github, malicious, mfa, phishing, rce, remote-code-execution, supply-chain, updateAutomated GitHub alarms triggered a quick response: Detection was swift once the updates bypassed GitHub’s usual commit-based alerts and raised red flags in registry logs. The maintainer revoked the compromised token, deprecated the malicious releases, and collaborated with npm to remove them.Socket noted that the attack is a textbook example of “multi-stage supply chain compromise,”…
-
Cisco Alerts on ISE RCE Vulnerability Actively Exploited
Cisco has issued an urgent security advisory warning that a set of critical remote code execution (RCE) vulnerabilities affecting its Identity Services Engine (ISE) and Passive Identity Connector (ISE-PIC) products are being actively exploited in the wild. The flaws, tracked as CVE-2025-20281, CVE-2025-20282, and CVE-2025-20337, carry the highest possible severity rating, with a CVSS base…
-
Critical Sophos Firewall Flaws Allow Pre-Auth RCE
Tags: authentication, cyber, cybersecurity, firewall, flaw, network, rce, remote-code-execution, risk, sophos, vulnerabilitySophos has disclosed multiple critical security vulnerabilities affecting its Firewall products, with the most severe flaws enabling pre-authentication remote code execution that could allow attackers to completely compromise affected systems. The cybersecurity company released hotfixes for five independent vulnerabilities, two of which carry critical severity ratings and pose significant risks to enterprise networks worldwide. Severe…
-
Attackers Can Exploit Lighthouse Studio RCE Bug to Gain Server Access
Researchers at Assetnote have uncovered a critical remote code execution (RCE) vulnerability in Lighthouse Studio, a widely used survey software developed by Sawtooth Software. This flaw, affecting the Perl CGI scripts that power the web-based survey component, enables unauthenticated attackers to execute arbitrary code on hosting servers simply by accessing a survey link. Vulnerability in…
-
âš¡ Weekly Recap: SharePoint 0-Day, Chrome Exploit, macOS Spyware, NVIDIA Toolkit RCE and More
Even in well-secured environments, attackers are getting in”, not with flashy exploits, but by quietly taking advantage of weak settings, outdated encryption, and trusted tools left unprotected.These attacks don’t depend on zero-days. They work by staying unnoticed”, slipping through the cracks in what we monitor and what we assume is safe. What once looked suspicious…
-
Microsoft SharePoint servers under attack via zero-day vulnerability (CVE-2025-53770)
Attackers are exploiting a zero-day variant (CVE-2025-53770) of a SharePoint remote code execution vulnerability (CVE-2025-49706) that Microsoft patched earlier this month, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/20/microsoft-sharepoint-servers-under-attack-via-zero-day-vulnerability-with-no-patch-cve-2025-53770/
-
Livewire Flaw Puts Millions of Laravel Apps at Risk of RCE Attacks
A critical vulnerability discovered in Livewire, a popular full-stack framework for Laravel applications, exposes millions of web properties to unauthenticated remote command execution attacks. Tracked as CVE-2025-54068, the flaw resides in Livewire versions from 3.0.0-beta.1 up to 3.6.3 and stems from the way certain component property updates are hydrated, allowing an attacker to inject and…
-
CISA Issues Alert on Microsoft SharePoint 0-Day RCE Exploited in Attacks
Tags: attack, cisa, cve, cyber, cybersecurity, data, exploit, flaw, infrastructure, microsoft, rce, remote-code-execution, threat, vulnerability, zero-dayThe Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security alert regarding a critical zero-day vulnerability in Microsoft SharePoint Server that is being actively exploited in cyberattacks. The vulnerability, tracked as CVE-2025-53770, represents a significant threat to organizations running on-premises SharePoint installations. The flaw stems from a deserialization of untrusted data vulnerability within…
-
Microsoft releases emergency patches for SharePoint RCE flaws exploited in attacks
Microsoft has released emergency SharePoint security updates for two zero-day vulnerabilities tracked as CVE-2025-53770 and CVE-2025-53771 that have compromised services worldwide in “ToolShell” attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-patches-for-sharepoint-rce-flaws-exploited-in-attacks/
-
SharePoint 0-Day RCE Flaw Actively Exploited for Full Server Takeover
A devastating new SharePoint vulnerability is being actively exploited in large-scale attacks worldwide, enabling attackers to gain complete control of on-premise servers without authentication. Security researchers at Eye Security discovered the ongoing campaign on July 18, 2025, revealing a sophisticated exploit chain dubbed >>ToolShell
-
Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks
Microsoft on Sunday released security patches for an actively exploited security flaw in SharePoint and also released details of another vulnerability that it said has been addressed with “more robust protections.”The tech giant acknowledged it’s “aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security First seen…
-
Microsoft SharePoint servers under attack via zero-day vulnerability with no patch (CVE-2025-53770)
Attackers are exploiting a zero-day variant (CVE-2025-53770) of a SharePoint remote code execution vulnerability (CVE-2025-49706) that Microsoft patched earlier this month, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/07/20/microsoft-sharepoint-servers-under-attack-via-zero-day-vulnerability-with-no-patch-cve-2025-53770/
-
Microsoft SharePoint zero-day exploited in RCE attacks, no patch available
A critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, has been actively exploited since at least July 18th, with no patch available and at least 85 servers already compromised worldwide. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-sharepoint-zero-day-exploited-in-rce-attacks-no-patch-available/
-
Cisco warns of another critical RCE flaw in ISE, urges immediate patching
Tags: access, ai, api, breach, cisco, communications, credentials, endpoint, exploit, flaw, network, radius, rce, remote-code-execution, risk, update, vulnerability, wifiFaster patching is needed: Barr is concerned about the flaw in finding N-day abuse. “While it’s positive that Cisco is transparent in disclosure and swift in releasing patches, the reality is that patching these types of vulnerabilities, especially in large, distributed enterprise environments, is not instantaneous,” he said. “Restart requirements and dependencies on high-availability setups…
-
Oracle-Lücke birgt Gefahr für RCE-Attacken
Tags: access, bug, cloud, cve, cyberattack, data, exploit, infrastructure, linux, oracle, rce, remote-code-execution, tool, vulnerabilityOracle hat das Sicherheitsproblem im Code Editor bereits gefixt.Forscher von Tenable Research haben eine Sicherheitslücke im Code-Editor von Oracle Cloud Infrastructure (OCI) entdeckt, die Unternehmen für Remote-Code-Execution-Angriffe (RCE) anfällig macht. Die webbasierte integrierte Entwicklungsumgebung (IDI) dient zur Verwaltung von Ressourcen wie Functions, Resource Manager und Data Science und sorgt für nahtlose Entwickler-Workflows.Die enge Integration mit…
-
Cisco patches critical CVE-2025-20337 bug in Identity Services Engine with CVSS 10 Severity
Cisco warns of CVE-2025-20337, a critical ISE flaw (CVSS 10) allowing remote code execution with root privileges. Cisco addressed a critical vulnerability, tracked as CVE-2025-20337 (CVSS score of 10), in Identity Services Engine (ISE) and Cisco Identity Services Engine Passive Identity Connector (ISE-PIC). An attacker could trigger the vulnerability to execute arbitrary code on the…
-
1-Click Oracle Cloud Code Editor RCE Flaw Allows Malicious File Upload to Shell
Tags: cloud, cyber, flaw, infrastructure, malicious, oracle, rce, remote-code-execution, service, threat, vulnerabilityTenable Research has disclosed a critical Remote Code Execution (RCE) vulnerability in Oracle Cloud Infrastructure’s Code Editor that enabled attackers to silently hijack victim Cloud Shell environments through a single malicious link. The vulnerability, which has since been remediated by Oracle, could have allowed threat actors to pivot across multiple OCI services and compromise integrated…
-
Critical SharePoint RCE Vulnerability Exploited via Malicious XML in Web Part
A severe remote code execution (RCE) vulnerability has been discovered in Microsoft SharePoint that allows attackers to execute arbitrary code through malicious XML content embedded within web parts. According to the recent report, the vulnerability, which affects the deserialization process of webpart properties, represents a significant security risk for organizations running vulnerable SharePoint installations. Technical…
-
0-Day RCE Flaw in SonicWall SMA Devices Exploited to Launch OVERSTEP Ransomware
Tags: access, breach, credentials, cyber, cyberattack, exploit, flaw, google, group, intelligence, mobile, ransomware, rce, remote-code-execution, threat, zero-dayGoogle’s Threat Intelligence Group (GTIG) has uncovered a sophisticated cyberattack campaign targeting end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances, where threat actors are exploiting previously stolen credentials and deploying a new rootkit called OVERSTEP. The financially motivated group, tracked as UNC6148, has been operating since at least October 2024 and is suspected of…
-
New Fortinet FortiWeb hacks likely linked to public RCE exploits
Multiple Fortinet FortiWeb instances recently infected with web shells are believed to have been compromised using public exploits for a recently patched remote code execution (RCE) flaw tracked as CVE-2025-25257. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-fortinet-fortiweb-hacks-likely-linked-to-public-rce-exploits/
-
One click to compromise: Oracle Cloud Code Editor flaw exposed users to RCE
Attacks could have a wider blast radius: Because Code Editor operates on the same underlying file system as the Cloud Shell, essentially a Linux home directory in the cloud, attackers could tamper with files used by other integrated services. This turns the flaw in the seemingly contained developer tool into an exposure for lateral movement…
-
LaRecipe Tool with 2.3M Downloads Found Vulnerable to Full Server Takeover
A critical security vulnerability has been discovered in LaRecipe, a popular Laravel documentation package with over 2.3 million downloads, that could allow attackers to completely compromise affected servers. The vulnerability, identified as CVE-2025-53833, enables Server-Side Template Injection (SSTI) attacks that can lead to Remote Code Execution (RCE) on vulnerable systems. Critical Vulnerability Discovered Security researcher…
-
PoC Released for High-Severity Git CLI Vulnerability Allowing Arbitrary File Writes
A critical vulnerability in Git’s command-line interface has been disclosed with public proof-of-concept exploits available, allowing arbitrary file writes and remote code execution on Linux and macOS systems. CVE-2025-48384 affects Git installations usinggit clone recursiveon weaponized repositories, exploiting improper handling of carriage return characters in.gitmodulesfiles to bypass security controls. Field Details CVE ID CVE-2025-48384 CVSS…