RCE

ISC Stormcast April 28, 2025: Key Cybersecurity Threats and Tools

Threat Intelligence

ISC Stormcast April 28, 2025: Key Cybersecurity Threats and Tools

The latest episode of the SANS Internet Storm Center (ISC) Stormcast, released on April 28, 2025, covers...

IXON VPN Client Vulnerabilities: Technical Analysis of Privilege Escalation Flaws

CVE News

IXON VPN Client Vulnerabilities: Technical Analysis of Privilege Escalation Flaws

Security researchers at Shelltrail have identified three critical vulnerabilities in the IXON VPN client that could allow...

Quick Agent Path Traversal Vulnerability (CVE-2025-26692): Analysis and Mitigation

CVE News

Quick Agent Path Traversal Vulnerability (CVE-2025-26692): Analysis and Mitigation

A critical path traversal vulnerability (CVE-2025-26692) affecting SIOS Technology’s Quick Agent (V2 and V3) has been disclosed,...

iPhone “Infostealer” Malware Threat: Analysis and Mitigation (2025 Update)

Threat Intelligence

iPhone “Infostealer” Malware Threat: Analysis and Mitigation (2025 Update)

A new wave of cyberattacks targeting iPhone users has emerged, with malware dubbed “Infostealer” compromising millions of...

Windows “inetpub” Security Fix Exploited to Block Future Updates: Technical Analysis

CVE News

Windows “inetpub” Security Fix Exploited to Block Future Updates: Technical Analysis

A recent Windows security update designed to mitigate a privilege escalation vulnerability has inadvertently introduced a new...

Moodle EQUELLA Remote Code Execution Vulnerability (CVE-2025-3642): Analysis and Mitigation

CVE News

Moodle EQUELLA Remote Code Execution Vulnerability (CVE-2025-3642): Analysis and Mitigation

A high-severity remote code execution (RCE) vulnerability (CVE-2025-3642) has been identified in Moodle’s EQUELLA repository integration, posing...

ScreenConnect ASP.NET ViewState Code Injection Vulnerability (CVE-2025-3935): Analysis and Mitigation

CVE News

ScreenConnect ASP.NET ViewState Code Injection Vulnerability (CVE-2025-3935): Analysis and Mitigation

A high-severity vulnerability (CVE-2025-3935) affecting ScreenConnect versions 25.2.3 and earlier has been disclosed, involving ASP.NET ViewState code...

Analysis of Actively Exploited Chrome UAF Vulnerabilities and Mitigation Strategies

CVE News

Analysis of Actively Exploited Chrome UAF Vulnerabilities and Mitigation Strategies

Google Chrome recently faced two critical use-after-free (UAF) vulnerabilities that were actively exploited in the wild before...

Sophisticated WooCommerce Phishing Campaign Exploits Fake Security Alerts

Blue-Team

Sophisticated WooCommerce Phishing Campaign Exploits Fake Security Alerts

A widespread phishing campaign targeting WooCommerce store owners has been identified, leveraging fabricated security vulnerability alerts to...

Metasploit Enhances AD CS Exploitation Capabilities with New PKCS12 Features

Red-Team

Metasploit Enhances AD CS Exploitation Capabilities with New PKCS12 Features

The latest Metasploit Framework update introduces significant improvements for Active Directory Certificate Services (AD CS) exploitation, particularly...

News

Popular LLMs Generate Vulnerable Code by Default: Risks and Mitigations

A recent study by Backslash Security reveals that popular large language models (LLMs) frequently produce code containing...

ISC Stormcast: SMS Gateway Scans, Commvault Exploit, and Emerging Threats (April 25, 2025)

Threat Intelligence

ISC Stormcast: SMS Gateway Scans, Commvault Exploit, and Emerging Threats (April 25, 2025)

The SANS Internet Storm Center (ISC) Stormcast for April 25, 2025, highlights critical cybersecurity developments, including SMS...

iPhone Malware Threat: Infostealer Campaign Targets 26M Users

Threat Intelligence

iPhone Malware Threat: Infostealer Campaign Targets 26M Users

A widespread malware campaign targeting iPhone users has escalated, with security experts warning of a surge in...

Critical RCE Vulnerability in Quantum StorNext Web GUI API (CVE-2025-46616)

CVE News

Critical RCE Vulnerability in Quantum StorNext Web GUI API (CVE-2025-46616)

A critical vulnerability (CVE-2025-46616) has been identified in Quantum StorNext Web GUI API versions prior to 7.2.4,...

Critical Zyxel USG FLEX-H Firewall Vulnerabilities Expose Networks to Pre-Auth RCE

CVE News

Critical Zyxel USG FLEX-H Firewall Vulnerabilities Expose Networks to Pre-Auth RCE

Security researcher Alessandro Sgreccia (aka “rainpwn”) has disclosed critical vulnerabilities in Zyxel’s USG FLEX-H firewall series, enabling...

Critical Commvault RCE Vulnerability (CVE-2025-34028) Exploited in the Wild

CVE News

Critical Commvault RCE Vulnerability (CVE-2025-34028) Exploited in the Wild

Organizations using Commvault’s backup and recovery software are under immediate threat due to an actively exploited pre-authenticated...

New Cryptojacking Campaign Exploits Docker with Advanced Evasion Techniques

Malware Analysis

New Cryptojacking Campaign Exploits Docker with Advanced Evasion Techniques

A newly discovered cryptojacking campaign is targeting Docker environments using sophisticated evasion techniques to deploy cryptocurrency miners...

CarlinKit CPC200-CCPA Firmware Update Vulnerabilities Expose Devices to Remote Code Execution

CVE News

CarlinKit CPC200-CCPA Firmware Update Vulnerabilities Expose Devices to Remote Code Execution

A critical vulnerability (CVE-2025-2764) in CarlinKit CPC200-CCPA devices allows network-adjacent attackers to bypass cryptographic signature checks and...

Sonos Era 300 Vulnerability (CVE-2025-1049): Heap-Based Buffer Overflow Enables Remote Code Execution

CVE News

Sonos Era 300 Vulnerability (CVE-2025-1049): Heap-Based Buffer Overflow Enables Remote Code Execution

A critical vulnerability (CVE-2025-1049) affecting Sonos Era 300 speakers has been disclosed, allowing network-adjacent attackers to execute...

Resurgent Vulnerabilities Pose Unique Risks to Edge Devices and Critical Infrastructure

Threat Intelligence

Resurgent Vulnerabilities Pose Unique Risks to Edge Devices and Critical Infrastructure

Attackers are increasingly exploiting older, resurgent vulnerabilities—flaws that were patched years ago but remain unaddressed in many...

Posts pagination

Previous 1 … 4 5 6 7 8 9 10 … 12 Next

RCE

ISC Stormcast April 28, 2025: Key Cybersecurity Threats and Tools

IXON VPN Client Vulnerabilities: Technical Analysis of Privilege Escalation Flaws

Quick Agent Path Traversal Vulnerability (CVE-2025-26692): Analysis and Mitigation

iPhone “Infostealer” Malware Threat: Analysis and Mitigation (2025 Update)

Windows “inetpub” Security Fix Exploited to Block Future Updates: Technical Analysis

Moodle EQUELLA Remote Code Execution Vulnerability (CVE-2025-3642): Analysis and Mitigation

ScreenConnect ASP.NET ViewState Code Injection Vulnerability (CVE-2025-3935): Analysis and Mitigation

Analysis of Actively Exploited Chrome UAF Vulnerabilities and Mitigation Strategies

Sophisticated WooCommerce Phishing Campaign Exploits Fake Security Alerts

Metasploit Enhances AD CS Exploitation Capabilities with New PKCS12 Features

Popular LLMs Generate Vulnerable Code by Default: Risks and Mitigations

ISC Stormcast: SMS Gateway Scans, Commvault Exploit, and Emerging Threats (April 25, 2025)

iPhone Malware Threat: Infostealer Campaign Targets 26M Users

Critical RCE Vulnerability in Quantum StorNext Web GUI API (CVE-2025-46616)

Critical Zyxel USG FLEX-H Firewall Vulnerabilities Expose Networks to Pre-Auth RCE

Critical Commvault RCE Vulnerability (CVE-2025-34028) Exploited in the Wild

New Cryptojacking Campaign Exploits Docker with Advanced Evasion Techniques

CarlinKit CPC200-CCPA Firmware Update Vulnerabilities Expose Devices to Remote Code Execution

Sonos Era 300 Vulnerability (CVE-2025-1049): Heap-Based Buffer Overflow Enables Remote Code Execution

Resurgent Vulnerabilities Pose Unique Risks to Edge Devices and Critical Infrastructure

You may have missed

ClickFix Malware Campaigns Resurrect Decades-Old Finger Protocol for Command Retrieval

North Korean IT Worker Scheme: A Technical Analysis of Infiltration and Fraud

Digital Passport Integration in Mobile Wallets: A Security Analysis

U.S. Launches Scam Center Strike Force to Combat $10 Billion Crypto Fraud Networks