Tag: remote-code-execution
-
Anthropic MCP Hit by Critical Vulnerability Enabling Remote Code Execution
A critical, systemic vulnerability discovered in Anthropic’s Model Context Protocol (MCP) has exposed over 150 million downloads and up to 200,000 servers to complete takeover, according to research published April 15, 2026, by the OX Security Research team. The flaw enables Arbitrary Remote Code Execution (RCE) on any system running a vulnerable MCP implementation, allowing…
-
52M-Download protobuf.js Library Hit by RCE in Schema Handling
Critical RCE flaw in protobuf.js lets attackers execute code via malicious schemas. Learn who is at risk, affected versions, and how to fix it. First seen on hackread.com Jump to article: hackread.com/52m-download-protobuf-js-library-rce-schema-handle/
-
Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain
Tags: access, ai, cybersecurity, flaw, intelligence, rce, remote-code-execution, supply-chain, vulnerabilityCybersecurity researchers have discovered a critical “by design” weakness in the Model Context Protocol’s (MCP) architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence (AI) supply chain.”This flaw enables Arbitrary Command Execution (RCE) on any system running a vulnerable MCP implementation, granting attackers direct access…
-
Marimo Pre-Auth RCE via Unauthenticated WebSocket Terminal (CVE-2026-39987)
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/marimo-pre-auth-rce-via-unauthenticated-websocket-terminal-cve-2026-39987
-
Spring AI SpEL Injection: From Vector Search to Remote Code Execution (CVE-2026-22738)
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/spring-ai-spel-injection-from-vector-search-to-remote-code-execution-cve-2026-22738
-
ShowDoc Vulnerability Patched in 2020 Now Used in Active Server Takeovers
Hackers are exploiting a 5-year-old ShowDoc vulnerability (CVE-2025-0520) to deploy web shells, enabling RCE and full server takeover worldwide. First seen on hackread.com Jump to article: hackread.com/showdoc-vulnerability-patch-2020-server-takeover/
-
ShowDoc Vulnerability Patched in 2020 Now Used in Active Server Takeovers
Hackers are exploiting a 5-year-old ShowDoc vulnerability (CVE-2025-0520) to deploy web shells, enabling RCE and full server takeover worldwide. First seen on hackread.com Jump to article: hackread.com/showdoc-vulnerability-patch-2020-server-takeover/
-
Critical flaw in Protobuf library enables JavaScript code execution
Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google’s Protocol Buffers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-flaw-in-protobuf-library-enables-javascript-code-execution/
-
Critical sandbox bypass fixed in popular Thymeleaf Java template engine
new keyword followed by an ASCII space, T (Spring Expression Language type references) and @ (SpEL bean references in some code paths). However, the check only looked for ASCII space 0x20 characters, but the SpEL’s parser also accepts tab (0x09), newline (0x0A), and other control characters between new and the class name.Another policy blocked classes…
-
Critical sandbox bypass fixed in popular Thymeleaf Java template engine
new keyword followed by an ASCII space, T (Spring Expression Language type references) and @ (SpEL bean references in some code paths). However, the check only looked for ASCII space 0x20 characters, but the SpEL’s parser also accepts tab (0x09), newline (0x0A), and other control characters between new and the class name.Another policy blocked classes…
-
CVE-2026-34197: Apache ActiveMQ Jolokia RCE Vulnerability
CVE-2026-34197: ActiveMQ Jolokia flaw enables authenticated RCE, exposing sensitive data, credentials, and integrated systems across enterprise environments. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/cve-2026-34197-apache-activemq-jolokia-rce-vulnerability/
-
Weaponized CVE-2026-39987 Pushes Blockchain Backdoor Through Hugging Face
Tags: backdoor, blockchain, credentials, cve, cyber, exploit, infection, rce, remote-code-execution, theftAttackers are rapidly exploiting CVE-2026-39987 in the marimo Python notebook platform to deploy a new NKAbuse backdoor variant hosted on Hugging Face Spaces, turning AI/ML developer environments into high”‘value infection points. The campaign combines pre-auth RCE, credential theft, lateral movement to PostgreSQL and Redis, and a blockchain-based C2 channel that is difficult to monitor or…
-
ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
You know that feeling when you open your feed on a Thursday morning and it’s just… a lot? Yeah. This week delivered. We’ve got hackers getting creative in ways that are almost impressive if you ignore the whole “crime” part, ancient vulnerabilities somehow still ruining people’s days, and enough supply chain drama to fill a…
-
Beating the Mythos clock: Using Tenable Hexa AI custom agents for automated patching
Tags: ai, business, cvss, cyberattack, data, exploit, LLM, mitigation, network, remote-code-execution, risk, strategy, supply-chain, threat, tool, update, vulnerability, vulnerability-managementSee how Tenable Hexa AI custom agents empower you to counter machine-speed threats by automating vulnerability remediation. Learn how the Model Context Protocol (MCP) automates execution of risk-driven patching workflows, shifting your strategy from reactive tracking to continuous exposure management. Key takeaways Even in previews, powerful AI models like Claude Mythos show us how quickly…
-
RCE by design: MCP architectural choice haunts AI agent ecosystem
sh, bash, powershell, curl, rm, and other high-risk binaries, they added.The core issue is that there’s currently no check in place to verify that a STDIO command is intended to initialize an MCP server rather than perform a malicious task. Furthermore, the researchers observed that even if the sent command fails to start the server,…
-
Microsoft’s April 2026 Patch Tuesday Addresses 163 CVEs (CVE-2026-32201)
Tags: advisory, api, attack, best-practice, cloud, container, cve, cvss, cyber, data, exploit, firewall, firmware, flaw, framework, github, Internet, malicious, microsoft, mitigation, office, powershell, rce, remote-code-execution, service, software, sql, startup, tool, update, vulnerability, windows, zero-day8Critical 154Important 1Moderate 0Low Microsoft addresses 163 CVEs in the April 2026 Patch Tuesday release, including two zero-day vulnerabilities, one of which was exploited in the wild. Microsoft patched 163 CVEs in its April 2026 Patch Tuesday release, with eight rated critical, 154 rated as important and one rated as moderate. This is the second…
-
Attackers target unpatched ShowDoc servers via CVE-2025-0520
A critical RCE flaw, tracked as CVE-2025-0520, in ShowDoc is being actively exploited, putting unpatched servers at serious risk. A critical remote code execution flaw, tracked as CVE-2025-0520 (CVSS score of 9.4), affecting ShowDoc is under active exploitation in the wild. ShowDoc is an online tool that helps IT teams share documents and improve collaboration…
-
Hackers Exploit Critical ShowDoc RCE Flaw in Ongoing Attacks
Tags: attack, cyber, cybersecurity, exploit, flaw, hacker, rce, remote-code-execution, risk, software, vulnerabilityCybersecurity researchers have highlighted a critical vulnerability in ShowDoc, a widely used online document-sharing platform designed for IT teams. Tracked as CNVD-2020-26585, this severe security flaw allows unauthenticated remote code execution (RCE) on compromised servers. The vulnerability poses a significant risk to organizations relying on outdated versions of the software for internal collaboration, as it…
-
Hackers Exploit Kali Forms Vulnerability to Take Over WordPress Sites
A recently disclosed Kali Forms vulnerability affecting a widely used WordPress plugin has escalated into an active security threat, enabling unauthenticated attackers to achieve Remote Code Execution on affected websites. The flaw impacts Kali Forms, a drag-and-drop form builder with more than 10,000 active installations, and has already been exploited in the wild shortly after…
-
ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
A critical security vulnerability impacting ShowDoc, a document management and collaboration service popular in China, has come under active exploitation in the wild.The vulnerability in question is CVE-2025-0520 (aka CNVD-2020-26585), which carries a CVSS score of 9.4 out of 10.0.It relates to a case of unrestricted file upload that stems from improper validation of First…
-
EUVD-2025-34630 / CVE-2025-53521 – Schwachstelle für RCE-Angriffe auf F5 BIG-IP aktiv missbraucht
First seen on security-insider.de Jump to article: www.security-insider.de/f5-big-ip-apm-kritische-rce-cve-2025-53521-a-6cca6e8b034b3416540dc3ee3590d1fb/
-
Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure
Tags: access, advisory, ai, api, attack, authentication, breach, cloud, credentials, cve, data-breach, exploit, firewall, flaw, Internet, open-source, rce, remote-code-execution, software, theft, tool, update, vulnerabilityCredentials stolen in under three minutes: To track real-world exploitation, deployed honeypot servers running vulnerable Marimo instances across multiple cloud providers and observed the first exploitation attempt within 9 hours and 41 minutes of disclosure. No ready-made exploit tool existed at the time. The attacker had built one using only the advisory description, Sysdig researchers…
-
Critical Axios Vulnerability Enables Remote Code Execution, PoC Released
A critical security vulnerability has been discovered in Axios, one of the most widely used HTTP client libraries, exposing applications to Remote Code Execution (RCE) and full cloud infrastructure compromise. Tracked as CVE-2026-40175, this flaw carries a critical CVSS 3.1 score of 9.9 and allows attackers to bypass AWS IMDSv2 security controls to exfiltrate sensitive…
-
Marimo RCE Vulnerability Exploited Within 10 Hours of Public Disclosure
Tags: cve, cvss, cyber, data-breach, exploit, flaw, open-source, rce, remote-code-execution, vulnerabilityA critical remote code execution (RCE) vulnerability in the open-source Python notebook platform Marimo was actively exploited less than 10 hours after its public disclosure. The flaw, initially tracked as GHSA-2679-6mx9-h9xc and later assigned CVE-2026-39987, carries a critical CVSS score of 9.3. It allows unauthenticated attackers to gain a full interactive shell on exposed Marimo…
-
Marimo RCE Vulnerability Exploited Within 10 Hours of Public Disclosure
Tags: cve, cvss, cyber, data-breach, exploit, flaw, open-source, rce, remote-code-execution, vulnerabilityA critical remote code execution (RCE) vulnerability in the open-source Python notebook platform Marimo was actively exploited less than 10 hours after its public disclosure. The flaw, initially tracked as GHSA-2679-6mx9-h9xc and later assigned CVE-2026-39987, carries a critical CVSS score of 9.3. It allows unauthenticated attackers to gain a full interactive shell on exposed Marimo…
-
Marimo RCE Flaw Exploited Within Hours of Disclosure
A Marimo RCE flaw is being exploited within hours, giving attackers unauthenticated access to sensitive systems. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/marimo-rce-flaw-exploited-within-hours-of-disclosure/
-
Critical Marimo pre-auth RCE flaw now under active exploitation
A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged for credential theft. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-marimo-pre-auth-rce-flaw-now-under-active-exploitation/
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 92
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2 Malicious LNK Files Distributing a Python-Based Backdoor and Changes in Distribution Techniques (Kimsuky Group) Hackers Are Attempting to Turn ComfyUI Servers Into a…