Tag: remote-code-execution
-
Microsoft Patch Tuesday 2025 Year in Review
Tags: apt, attack, backdoor, cve, cyber, cybercrime, dos, exploit, flaw, malware, microsoft, ransomware, rce, remote-code-execution, service, software, threat, update, vulnerability, zero-dayMicrosoft addressed over 1,100 CVEs as part of Patch Tuesday releases in 2025, including 40 zero-day vulnerabilities. Key takeaways: Microsoft’s 2025 Patch Tuesday releases addressed 1,130 CVEs. This is the second year in a row where the CVE count was over 1,000. Elevation of Privilege vulnerabilities accounted for 38.3% of all Patch Tuesday vulnerabilities in…
-
.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL
New research has uncovered exploitation primitives in the .NET Framework that could be leveraged against enterprise-grade applications to achieve remote code execution.WatchTowr Labs, which has codenamed the “invalid cast vulnerability” SOAPwn, said the issue impacts Barracuda Service Center RMM, Ivanti Endpoint Manager (EPM), and Umbraco 8. But the number of affected vendors is likely to…
-
News brief: RCE flaws persist as top cybersecurity threat
Check out the latest security news from the Informa TechTarget team. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366636017/News-brief-RCE-flaws-persist-as-top-cybersecurity-threat
-
PeerBlight Linux Malware Abuses React2Shell for Proxy Tunneling
Tags: backdoor, control, cve, cyber, cybersecurity, exploit, linux, malware, network, remote-code-execution, vulnerabilityCybersecurity researchers have uncovered a sophisticated Linux malware campaign exploiting the critical React2Shell vulnerability (CVE-2025-55182) to deploy multiple post-exploitation payloads. A newly identified backdoor dubbed >>PeerBlight
-
Microsoft Outlook Flaw Lets Attackers Execute Malicious Code Remotely
Microsoft has disclosed a critical remote code execution vulnerability in Outlook that could allow attackers to execute malicious code on affected systems. The vulnerability, tracked as CVE-2025-62562, was officially released on December 9, 2025, and poses a significant security risk to enterprise and personal users worldwide. The flaw stems from a use-after-free weakness in Outlook’s…
-
Microsoft Outlook Flaw Lets Attackers Execute Malicious Code Remotely
Microsoft has disclosed a critical remote code execution vulnerability in Outlook that could allow attackers to execute malicious code on affected systems. The vulnerability, tracked as CVE-2025-62562, was officially released on December 9, 2025, and poses a significant security risk to enterprise and personal users worldwide. The flaw stems from a use-after-free weakness in Outlook’s…
-
PeerBlight Linux Malware Abuses React2Shell for Proxy Tunneling
Tags: backdoor, control, cve, cyber, cybersecurity, exploit, linux, malware, network, remote-code-execution, vulnerabilityCybersecurity researchers have uncovered a sophisticated Linux malware campaign exploiting the critical React2Shell vulnerability (CVE-2025-55182) to deploy multiple post-exploitation payloads. A newly identified backdoor dubbed >>PeerBlight
-
Ivanti warns customers of new EPM flaw enabling remote code execution
Ivanti warns users to address a newly disclosed Endpoint Manager vulnerability that could let attackers execute code remotely. Software firm Ivanti addressed a newly disclosed vulnerability, tracked as CVE-2025-10573 (CVSS score 9.6), in its Endpoint Manager (EPM) solution. The vulnerability is a Stored XSS that could allow a remote unauthenticated attacker to execute arbitrary >>Stored…
-
Angriffe auf React RCE-Schwachstelle (CVE-2025-55182)
In den React Server Components gibt es eine kritische RCE-Schwachstelle (CVE-2025-55182) mit einem CVSS-Score von 10.0. Das ist seit einigen Tagen bekannt. Nun laufen massive Angriffswellen gegen verwundbare Webseiten und viele Firmenauftritte wurden bereits gehackt. React RCE-Schwachstelle (CVE-2025-55182) React ist … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/09/angriffe-auf-react-rce-schwachstelle-cve-2025-55182/
-
Remote Code Execution und CVSS 10.0 – React Schwachstelle öffnet Angreifern den Weg zu Web-Apps
First seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecke-react-server-komponenten-nextjs-apps-a-8f3cd6d728f03f2513394f131fa15210/
-
Remote Code Execution und CVSS 10.0 – React Schwachstelle öffnet Angreifern den Weg zu Web-Apps
First seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecke-react-server-komponenten-nextjs-apps-a-8f3cd6d728f03f2513394f131fa15210/
-
Schwachstelle in OpenAI-Codex-CLI ermöglicht kritische Remote-Code-Execution
Die Sicherheitsforscher von Check Point Research (CPR), der IT-Forensik von Check Point Software Technologies, haben eine schwerwiegende Schwachstelle in OpenAI-Codex-CLI entdeckt. Dabei handelt es sich um das Command-Line-Tool von OpenAI, das KI-gestützte Programmierfunktionen direkt in Entwickler-Workflows integriert. Die Schwachstelle ermöglichte Remote-Code-Execution (RCE) allein durch das Öffnen eines manipulierten Projektordners und ohne Interaktion oder Zustimmung des…
-
CISA Adds Critical React2Shell Vulnerability to KEV Catalog After Active Exploitation
Tags: cisa, cyber, cybersecurity, exploit, flaw, infrastructure, kev, remote-code-execution, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has officially added a high-severity vulnerability affecting Meta’s React Server Components to its Known Exploited Vulnerabilities (KEV) catalog. Assigned the identifier CVE-2025-55182, the security flaw dubbed >>React2Shell
-
CISA Adds Critical React2Shell Vulnerability to KEV Catalog After Active Exploitation
Tags: cisa, cyber, cybersecurity, exploit, flaw, infrastructure, kev, remote-code-execution, vulnerabilityThe Cybersecurity and Infrastructure Security Agency (CISA) has officially added a high-severity vulnerability affecting Meta’s React Server Components to its Known Exploited Vulnerabilities (KEV) catalog. Assigned the identifier CVE-2025-55182, the security flaw dubbed >>React2Shell
-
Cloudflare Forces Widespread Outage to Mitigate Exploitation of Maximum Severity Vulnerability in React2Shell
A critical React2Shell (CVE-2025-55182) RCE flaw in React and Next.js is being actively exploited by China-nexus threat groups, prompting urgent patching and global mitigations. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/cloudflare-forces-widespread-outage-to-mitigate-exploitation-of-maximum-severity-vulnerability-in-react2shell/
-
Cloudflare Forces Widespread Outage to Mitigate Exploitation of Maximum Severity Vulnerability in React2Shell
A critical React2Shell (CVE-2025-55182) RCE flaw in React and Next.js is being actively exploited by China-nexus threat groups, prompting urgent patching and global mitigations. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/cloudflare-forces-widespread-outage-to-mitigate-exploitation-of-maximum-severity-vulnerability-in-react2shell/
-
U.S. CISA adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog
Tags: authentication, cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, remote-code-execution, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a a Meta React Server Components flaw, tracked as CVE-2025-55182 (CVSS Score of 10.0), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a pre-authentication remote code execution…
-
Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks
A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data from Wordfence.The remote code execution vulnerability in question is CVE-2025-6389 (CVSS score: 9.8), which affects all versions of the plugin prior to and including 8.3. It has been patched in version 8.4, released on August…
-
Critical React2Shell RCE Flaw Actively Exploited to Run Malicious Code
A critical remote code execution vulnerability in React Server Components has emerged as an active exploitation target, with security researchers observing widespread automated attacks across the internet. The flaw, tracked asCVE-2025-55182and dubbed >>React2Shell,
-
Critical React2Shell RCE Flaw Actively Exploited to Run Malicious Code
A critical remote code execution vulnerability in React Server Components has emerged as an active exploitation target, with security researchers observing widespread automated attacks across the internet. The flaw, tracked asCVE-2025-55182and dubbed >>React2Shell,
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 74
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Analysis of ShadowPad Attack Exploiting WSUS Remote Code Execution Vulnerability (CVE-2025-59287) Shai-Hulud 2.0 Supply Chain Attack: 25K+ npm Repos Exposed Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications Morphisec Thwarts Russian-Linked…
-
React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable
Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), with researchers now confirming that attackers have already compromised over 30 organizations across multiple sectors. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/react2shell-flaw-exploited-to-breach-30-orgs-77k-ip-addresses-vulnerable/
-
Researchers Uncover 30+ Flaws in AI Coding Tools Enabling Data Theft and RCE Attacks
Tags: ai, attack, data, flaw, injection, intelligence, rce, remote-code-execution, theft, tool, vulnerabilityOver 30 security vulnerabilities have been disclosed in various artificial intelligence (AI)-powered Integrated Development Environments (IDEs) that combine prompt injection primitives with legitimate features to achieve data exfiltration and remote code execution.The security shortcomings have been collectively named IDEsaster by security researcher Ari Marzouk (MaccariTA). They affect popular First seen on thehackernews.com Jump to article:…
-
Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, remote-code-execution, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting React Server Components (RSC) to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild.The vulnerability, CVE-2025-55182 (CVSS score: 10.0), relates to a case of remote code execution that could be triggered by an…
-
Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, remote-code-execution, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting React Server Components (RSC) to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild.The vulnerability, CVE-2025-55182 (CVSS score: 10.0), relates to a case of remote code execution that could be triggered by an…
-
Cyber teams on alert as React2Shell exploitation spreads
Exploitation of an RCE flaw in a widely-used open source library is spreading quickly, with China-backed threat actors in the driving seat First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366636015/Cyber-teams-on-alert-as-React2Shell-exploitation-spreads
-
Cloudflare blames today’s outage on emergency React2Shell patch
Cloudflare has blamed today’s outage on the emergency patching of a critical React remote code execution vulnerability, which is now actively exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cloudflare-blames-todays-outage-on-emergency-react2shell-patch/