Remote Code Execution

Critical React and Next.js RCE Vulnerability: Analysis of CVE-2025-55182 and CVE-2025-66478

CVE News

Critical React and Next.js RCE Vulnerability: Analysis of CVE-2025-55182 and CVE-2025-66478

On December 3, 2025, the React and Next.js ecosystems were alerted to a maximum-severity vulnerability enabling unauthenticated...

ShadowRay Campaign: First Major Attack on AI Infrastructure Exploits Disputed Ray Vulnerability

Threat Intelligence

ShadowRay Campaign: First Major Attack on AI Infrastructure Exploits Disputed Ray Vulnerability

A widespread campaign known as ShadowRay is actively exploiting a critical, yet officially disputed, vulnerability in the...

RondoDox Botnet Exploits Critical XWiki Vulnerability in Widespread Campaign

CVE News

RondoDox Botnet Exploits Critical XWiki Vulnerability in Widespread Campaign

A critical security vulnerability in the XWiki Platform, tracked as CVE-2025-24893, is now being actively exploited by...

Triofox Antivirus Feature Abused for SYSTEM-Level Code Execution

CVE News

Triofox Antivirus Feature Abused for SYSTEM-Level Code Execution

A critical vulnerability in Gladinet’s Triofox file-sharing platform has been actively exploited by threat actors to bypass...

SAP November 2025 Patch Day: Critical Hardcoded Credentials and Code Injection Flaws Addressed

CVE News

SAP November 2025 Patch Day: Critical Hardcoded Credentials and Code Injection Flaws Addressed

SAP has released its November 2025 security updates, a critical patch batch addressing 18 new security notes...

Zimbra Zero-Day Exploited via Malicious iCalendar Files

CVE News

Zimbra Zero-Day Exploited via Malicious iCalendar Files

Security researchers have identified a new zero-day attack campaign targeting Zimbra Collaboration Suite (ZCS) that leverages malicious...

DrayTek Router Security Crisis: Critical RCE and Global Reboot Incident Explained

CVE News

DrayTek Router Security Crisis: Critical RCE and Global Reboot Incident Explained

Networking hardware manufacturer DrayTek is confronting a significant security crisis involving multiple vulnerabilities in its Vigor router...

Western Digital Patches Critical My Cloud Command Injection Vulnerability

CVE News

Western Digital Patches Critical My Cloud Command Injection Vulnerability

Western Digital has released firmware updates to address a critical-severity vulnerability in multiple My Cloud Network Attached...

Critical Deserialization Flaw in GoAnywhere MFT Poses Maximum Risk of Remote System Takeover

CVE News

Critical Deserialization Flaw in GoAnywhere MFT Poses Maximum Risk of Remote System Takeover

Fortra has issued an urgent security advisory concerning a newly identified vulnerability in its GoAnywhere Managed File...

Microsoft September 2025 Patch Tuesday: Analysis of 81 Flaws and Two Zero-Days

Blue-Team

Microsoft September 2025 Patch Tuesday: Analysis of 81 Flaws and Two Zero-Days

Microsoft’s September 2025 Patch Tuesday has been released, addressing a total of 81 security vulnerabilities across its...

Critical Docker Desktop Vulnerability CVE-2025-9074 Enables Host Takeover

CVE News

Critical Docker Desktop Vulnerability CVE-2025-9074 Enables Host Takeover

A critical vulnerability in Docker Desktop for Windows and macOS, designated CVE-2025-9074, has been patched after it...

Gemini AI Hijacking via Poisoned Google Calendar Invites: Technical Breakdown

Red-Team

Gemini AI Hijacking via Poisoned Google Calendar Invites: Technical Breakdown

Google has patched a critical vulnerability that allowed attackers to remotely compromise Gemini AI agents through malicious...

Critical Pre-Auth RCE Exploit Released for Fortinet FortiWeb: Patch Immediately

CVE News

Critical Pre-Auth RCE Exploit Released for Fortinet FortiWeb: Patch Immediately

Proof-of-concept (PoC) exploits for a critical SQL injection (SQLi) vulnerability in Fortinet FortiWeb have been publicly released,...

PerfektBlue Bluetooth Vulnerabilities Expose Critical Automotive Systems to Remote Attacks

CVE News

PerfektBlue Bluetooth Vulnerabilities Expose Critical Automotive Systems to Remote Attacks

Four vulnerabilities in OpenSynergy’s BlueSDK Bluetooth stack, collectively dubbed PerfektBlue, have been identified as affecting vehicles from...

Cisco ISE and ISE-PIC Vulnerabilities: Critical RCE Flaws Require Immediate Patching

CVE News

Cisco ISE and ISE-PIC Vulnerabilities: Critical RCE Flaws Require Immediate Patching

Cisco has issued an urgent security advisory regarding two critical remote code execution (RCE) vulnerabilities affecting its...

BeyondTrust Remote Support Vulnerability (CVE-2025-5309): Pre-Auth RCE Analysis

CVE News

BeyondTrust Remote Support Vulnerability (CVE-2025-5309): Pre-Auth RCE Analysis

BeyondTrust has issued critical security updates to address a high-severity Server-Side Template Injection (SSTI) vulnerability in its...

Sitecore XP Exploit Chain: Hardcoded Credentials Lead to Unauthenticated RCE

CVE News

Sitecore XP Exploit Chain: Hardcoded Credentials Lead to Unauthenticated RCE

A critical vulnerability chain in Sitecore Experience Platform (XP) allows attackers to gain full server control starting...

Trend Micro Patches Critical RCE and Authentication Bypass Vulnerabilities in Apex Central and Endpoint Encryption

CVE News

Trend Micro Patches Critical RCE and Authentication Bypass Vulnerabilities in Apex Central and Endpoint Encryption

Trend Micro has released urgent security updates addressing multiple critical-severity vulnerabilities in its Apex Central and Endpoint...

Microsoft June 2025 Patch Tuesday: Critical Zero-Day Fixes and 66 Flaws Addressed

CVE News

Microsoft June 2025 Patch Tuesday: Critical Zero-Day Fixes and 66 Flaws Addressed

Microsoft’s June 2025 Patch Tuesday has arrived, delivering security updates for 66 vulnerabilities, including one actively exploited...

Critical Authentication Bypass and RCE Vulnerabilities in HPE StoreOnce Software

CVE News

Critical Authentication Bypass and RCE Vulnerabilities in HPE StoreOnce Software

Hewlett Packard Enterprise (HPE) has issued an urgent security bulletin warning of eight vulnerabilities in its StoreOnce...

Posts pagination

1 2 3 4 Next

Remote Code Execution

Critical React and Next.js RCE Vulnerability: Analysis of CVE-2025-55182 and CVE-2025-66478

RondoDox Botnet Exploits Critical XWiki Vulnerability in Widespread Campaign

Triofox Antivirus Feature Abused for SYSTEM-Level Code Execution

SAP November 2025 Patch Day: Critical Hardcoded Credentials and Code Injection Flaws Addressed

Zimbra Zero-Day Exploited via Malicious iCalendar Files

DrayTek Router Security Crisis: Critical RCE and Global Reboot Incident Explained

Western Digital Patches Critical My Cloud Command Injection Vulnerability

Critical Deserialization Flaw in GoAnywhere MFT Poses Maximum Risk of Remote System Takeover

Microsoft September 2025 Patch Tuesday: Analysis of 81 Flaws and Two Zero-Days

Critical Docker Desktop Vulnerability CVE-2025-9074 Enables Host Takeover

Gemini AI Hijacking via Poisoned Google Calendar Invites: Technical Breakdown

Critical Pre-Auth RCE Exploit Released for Fortinet FortiWeb: Patch Immediately

PerfektBlue Bluetooth Vulnerabilities Expose Critical Automotive Systems to Remote Attacks

Cisco ISE and ISE-PIC Vulnerabilities: Critical RCE Flaws Require Immediate Patching

BeyondTrust Remote Support Vulnerability (CVE-2025-5309): Pre-Auth RCE Analysis

Sitecore XP Exploit Chain: Hardcoded Credentials Lead to Unauthenticated RCE

Trend Micro Patches Critical RCE and Authentication Bypass Vulnerabilities in Apex Central and Endpoint Encryption

Microsoft June 2025 Patch Tuesday: Critical Zero-Day Fixes and 66 Flaws Addressed

Critical Authentication Bypass and RCE Vulnerabilities in HPE StoreOnce Software

You may have missed

EU’s Landmark Fine Against X Tests Enforcement of Digital Regulations Amid Transatlantic Tensions

Spain’s Young Hackers: A Pattern of Escalating Cybercrime from Data Theft to Political Cyberterrorism

Australia’s Social Media Age Ban: A Technical and Operational Analysis of Enforcement and Evasion

Google Chrome’s New Security Architecture for Agentic AI Browsing: A Technical Analysis