Articles tagged with: #rce
CrowdStrike Warns of New Mass Exploitation Campaign Leveraging Oracle E-Business Suite 0-Day

Cyber Security News cybersecuritynews.com

A widespread campaign has been observed exploiting a novel zero-day vulnerability in Oracle E-Business Suite (EBS) applications, now tracked as CVE-2025-61882. First observed on August 9, 2025, this unauthenticated remote code execution (RCE) flaw is being weaponized to bypass authentication, deploy web shells, and exfiltrate sensitive data from internet-exposed EBS instances. CrowdStrike assesses with moderate confidence that

GoAnywhere 0-Day RCE Vulnerability Exploited in the Wild to Deploy Medusa Ransomware

Cyber Security News cybersecuritynews.com

A critical deserialization flaw in GoAnywhere MFT's License Servlet, tracked as CVE-2025-10035, has already been weaponized by the Storm-1175 group to execute the Medusa ransomware. The vulnerability affects GoAnywhere MFT versions up to 7.8.3. It resides in the License Servlet Admin Console, where a threat actor can forge a license response signature and bypass validation

13-year-old Critical Redis RCE Vulnerability Let Attackers Gain Full Access to Host System

Cyber Security News cybersecuritynews.com

A 13-year-old critical remote code execution (RCE) vulnerability in Redis, dubbed RediShell, allows attackers to gain full access to the underlying host system. The flaw, tracked as CVE-2025-49844, was discovered by Wiz Research and has been assigned the highest possible CVSS severity score of 10.0, a rating reserved for the most severe security issues. The

Oracle EBS CVE-2025-61882

cybersecurity www.reddit.com

Curious if anyone has patched this and seen a change in their webserver behavior. I was testing against my company's exposed sites that use EBS this morning, just doing the initial SSRF portion that caused the target webserver to reach out to an arbitrary external domain. I never tried to reach RCE as I don't have any infra outside the org to actually serve back the JSP/XSL that would contain the b64 encoded code to open a reverse shell. After applying the patch, the SSRF still happens exactly...

Google Chrome RCE Vulnerability Details Released Along with Exploit Code

Cyber Security News cybersecuritynews.com

Researchers have published the full technical details and exploit code for a critical remote code execution (RCE) vulnerability in Google Chrome's V8 JavaScript engine. Tracked internally as a WebAssembly type canonicalization bug, the flaw stems from an improper nullability check in the CanonicalEqualityEqualValueType function introduced by commit 44171ac in Chrome M135 and above. This regression

New Chrome RCE

cybersecurity www.reddit.com

A Remote Code Execution chain was discovered leveraging two severe V8 engine vulnerabilities in Google Chrome. The bug affects all Chrome builds having the ValueType refactoring commit 44171ac - M135 and above in the stable channel. submitted by /u/Straight-Zombie-646

Sledding Game Demo RCE exploit

cybersecurity www.reddit.com

Supposedly there is currently a live RCE exploit in the game "Sledding Game Demo" on Steam, is anyone able to confirm this issue? The developer has put out several warnings against hackers, even going so far as to disable public hosting/lobbies and sharing Steam IDs in their Discord but has not explicitly stated if an RCE is live or not. Is it possible to test if there truly is an RCE exploit within the game client and if so, what would be the easiest way it appears to use Steam's p2p relay...

VU#294418: Vigor routers running DrayOS are vulnerable to RCE via EasyVPN and LAN web administration interface

CERT Recently Published Vulnerability Notes kb.cert.org

Overview: A remote code execution (RCE) vulnerability, tracked as CVE-2025-10547, was discovered through the EasyVPN and LAN web administration interface of Vigor routers by DrayTek. A script in the LAN web administration interface uses an uninitialized variable, allowing an attacker to send specially crafted HTTP requests that cause memory corruption and potentially allow arbitrary code execution. Description: Vigor routers are business-grade routers, designed for small to medium-sized businesses,...

Supply chain security is impossible when every dependency has dependencies with vulnerabilities

cybersecurity www.reddit.com

I just finished a scan on what we thought was a well-maintained project. Turns out, my direct dependencies are all clean.. not a single critical vulnerability. I felt pretty good. Then I let the scanner go deeper. That's when it found it: a critical RCE in a tiny, forgotten library buried five layers deep in node_modules. The maintainer hasn't touched it in years. Now I'm staring at a full fork and patching job that could break everything else. It feels completely hopeless. How is anyone...

Threat Actors Allegedly Listed Veeam RCE Exploit for Sale on Dark Web

Cyber Security News cybersecuritynews.com

Veeam Backup & Replication, a cornerstone of many enterprises' data protection strategy, has reportedly become the focus of a new exploit being offered on a clandestine marketplace. According to a recent listing, a seller operating under the handle "SebastianPereiro" claims to possess a remote-code-execution (RCE) exploit targeting specific Veeam 12.x builds. Dubbed the "Bug of

WhatsApp 0-Click Vulnerability Exploited Using Malicious DNG File

Cyber Security News cybersecuritynews.com

Security researchers detailed a zero-click remote code execution (RCE) vulnerability affecting WhatsApp on Apple's iOS, macOS, and iPadOS platforms. The attack chain exploits two distinct vulnerabilities, identified as CVE-2025-55177 and CVE-2025-43300, to compromise a target device without requiring user interaction. The exploit, demonstrated in a proof-of-concept (PoC) shared by the DarkNavyOrg researchers, is initiated by

Lesson From Cisco ASA 0-Day RCE Vulnerability That Actively Exploited In The Wild

Cyber Security News cybersecuritynews.com

The cybersecurity landscape experienced a significant escalation in September 2025, when Cisco disclosed multiple critical zero-day vulnerabilities affecting its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) platforms. At the center of this security crisis lies CVE-2025-20333, a devastating remote code execution vulnerability with a CVSS score of 9.9, which sophisticated state-sponsored threat actors

Cisco ASA 0-Day RCE Vulnerability Actively Exploited in the Wild

Cyber Security News cybersecuritynews.com

Cisco has issued an emergency security advisory warning of active exploitation of a critical zero-day vulnerability in its Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) software platforms. The vulnerability, tracked as CVE-2025-20333, carries a maximum CVSS score of 9.9 and enables authenticated remote attackers to execute arbitrary code with root

NVIDIA Merlin Vulnerability Allow Attacker to Achieve Remote Code Execution With Root Privileges

Cyber Security News cybersecuritynews.com

A critical vulnerability in NVIDIA's Merlin Transformers4Rec library (CVE-2025-23298) enables unauthenticated attackers to achieve remote code execution (RCE) with root privileges via unsafe deserialization in the model checkpoint loader. The discovery underscores the persistent security risks inherent in ML/AI frameworks' reliance on Python's pickle serialization. NVIDIA Merlin Vulnerability Trend Micro's Zero Day Initiative (ZDI) stated

Cisco Warns of Actively Exploited SNMP Vulnerability Allowing RCE or DoS in IOS Software

The Hacker News thehackernews.com

Cisco has warned of a high-severity security flaw in IOS Software and IOS XE Software that could allow a remote attacker to execute arbitrary code or trigger a denial-of-service (DoS) condition under specific circumstances. The company said the vulnerability, CVE-2025-20352 (CVSS score: 7.7), has been exploited in the wild, adding it became aware of it "after local Administrator credentials were