Remote Code Execution

CVE-2025-2249: WordPress SoJ SoundSlides Plugin Vulnerability Exposes Sites to Arbitrary File Uploads

CVE News

CVE-2025-2249: WordPress SoJ SoundSlides Plugin Vulnerability Exposes Sites to Arbitrary File Uploads

A critical vulnerability (CVE-2025-2249) in the WordPress SoJ SoundSlides plugin allows authenticated attackers with Contributor-level access or...

Critical RCE Vulnerability in TOTOLINK A800R Routers (CVE-2025-28138)

CVE News

Critical RCE Vulnerability in TOTOLINK A800R Routers (CVE-2025-28138)

A critical remote code execution (RCE) vulnerability, tracked as CVE-2025-28138, has been identified in TOTOLINK A800R routers...

Critical RCE Vulnerability in Shinetheme Traveler (CVE-2025-26873): Analysis and Mitigation

CVE News

Critical RCE Vulnerability in Shinetheme Traveler (CVE-2025-26873): Analysis and Mitigation

A critical remote code execution (RCE) vulnerability, tracked as CVE-2025-26873, has been disclosed in the Shinetheme Traveler...

Critical Zero-Day Exploit in Palo Alto GlobalProtect Firewalls (CVE-2024-3400) Actively Exploited

CVE News

Critical Zero-Day Exploit in Palo Alto GlobalProtect Firewalls (CVE-2024-3400) Actively Exploited

A critical zero-day vulnerability (CVE-2024-3400) in Palo Alto Networks’ PAN-OS firewalls has been actively exploited since at...

Detecting and Mitigating CVE-2024-3400: Critical Zero-Day in Palo Alto GlobalProtect

CVE News

Detecting and Mitigating CVE-2024-3400: Critical Zero-Day in Palo Alto GlobalProtect

A critical zero-day vulnerability (CVE-2024-3400) in Palo Alto Networks’ PAN-OS GlobalProtect feature has been actively exploited since...

Trojan.MSIL.SUPERNOVA.A: Technical Analysis of the Windows Trojan Threat

Malware Analysis

Trojan.MSIL.SUPERNOVA.A: Technical Analysis of the Windows Trojan Threat

Trojan.MSIL.SUPERNOVA.A represents a significant Windows-based threat with high damage potential despite its currently limited distribution. First identified...

Trojan.W97M.CVE202140444.A: Analyzing the Microsoft Office Exploit That Enables Remote Code Execution

CVE News

Trojan.W97M.CVE202140444.A: Analyzing the Microsoft Office Exploit That Enables Remote Code Execution

A newly identified threat, Trojan.W97M.CVE202140444.A, exploits a critical Microsoft Office vulnerability (CVE-2021-40444) to execute remote code through...

Critical OpenSSH Vulnerabilities CVE-2024-6387 and CVE-2024-6409: Analysis and Mitigation Strategies

CVE News

Critical OpenSSH Vulnerabilities CVE-2024-6387 and CVE-2024-6409: Analysis and Mitigation Strategies

Two critical vulnerabilities in OpenSSH—CVE-2024-6387 (dubbed “regreSSHion”) and CVE-2024-6409—pose significant risks to Linux systems running vulnerable versions....

Critical WhatsUp Gold Vulnerabilities Exploited for RCE: Patch Now to Prevent Attacks

CVE News

Critical WhatsUp Gold Vulnerabilities Exploited for RCE: Patch Now to Prevent Attacks

Progress Software’s WhatsUp Gold, a widely used network monitoring solution, is under active attack due to two...

How Trend Micro’s Managed XDR Detected and Contained a Web Shell Attack on IIS Servers

Blue-Team

How Trend Micro’s Managed XDR Detected and Contained a Web Shell Attack on IIS Servers

A recent investigation by Trend Micro’s Managed XDR team uncovered a sophisticated web shell attack targeting Internet...

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-1974) Exposes Clusters to Remote Code Execution

CVE News

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-1974) Exposes Clusters to Remote Code Execution

A critical security vulnerability (CVE-2025-1974) in Kubernetes’ ingress-nginx controller has been disclosed, allowing unauthenticated attackers with pod...

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2726) Puts Networks at Risk

CVE News

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2726) Puts Networks at Risk

A newly discovered critical vulnerability (CVE-2025-2726) affecting multiple H3C Magic series routers allows remote attackers to execute...

Critical Yii2 Framework Vulnerability (CVE-2025-2690): Remote Code Execution Risk

CVE News

Critical Yii2 Framework Vulnerability (CVE-2025-2690): Remote Code Execution Risk

A critical deserialization vulnerability (CVE-2025-2690) has been discovered in the Yii2 PHP framework, allowing remote code execution....

IBM Storage Products Patched for Critical Authentication Bypass and RCE Vulnerabilities

CVE News

IBM Storage Products Patched for Critical Authentication Bypass and RCE Vulnerabilities

Summary: IBM has addressed critical security vulnerabilities in its enterprise storage products, including authentication bypass (CVE-2025-0159) and...

Critical FortiOS and FortiProxy RCE Vulnerability (CVE-2023-25610): Patch Now to Prevent Remote Exploitation

CVE News

Critical FortiOS and FortiProxy RCE Vulnerability (CVE-2023-25610): Patch Now to Prevent Remote Exploitation

Summary: Fortinet has disclosed a critical buffer underwrite vulnerability (CVE-2023-25610) affecting multiple versions of FortiOS and FortiProxy,...

CVE-2024-9880 – Apache Pandas Command Injection Vulnerability

Exploitation

CVE-2024-9880 – Apache Pandas Command Injection Vulnerability

A high-severity vulnerability, CVE-2024-9880, has been identified in the Apache Pandas library, a cornerstone of data analysis...

CVE-2025-1040: AutoGPT Vulnerability Exposes Systems to Remote Code Execution via SSTI

Exploitation

CVE-2025-1040: AutoGPT Vulnerability Exposes Systems to Remote Code Execution via SSTI

TL;DR CVE ID: CVE-2025-1040 Severity: High (CVSS 8.8) Affected Versions: AutoGPT 0.3.4 and earlier Vulnerability Type: Server-Side...

Remote Code Execution

CVE-2025-2249: WordPress SoJ SoundSlides Plugin Vulnerability Exposes Sites to Arbitrary File Uploads

Critical RCE Vulnerability in TOTOLINK A800R Routers (CVE-2025-28138)

Critical RCE Vulnerability in Shinetheme Traveler (CVE-2025-26873): Analysis and Mitigation

Critical Zero-Day Exploit in Palo Alto GlobalProtect Firewalls (CVE-2024-3400) Actively Exploited

Detecting and Mitigating CVE-2024-3400: Critical Zero-Day in Palo Alto GlobalProtect

Trojan.MSIL.SUPERNOVA.A: Technical Analysis of the Windows Trojan Threat

Trojan.W97M.CVE202140444.A: Analyzing the Microsoft Office Exploit That Enables Remote Code Execution

Critical OpenSSH Vulnerabilities CVE-2024-6387 and CVE-2024-6409: Analysis and Mitigation Strategies

Critical WhatsUp Gold Vulnerabilities Exploited for RCE: Patch Now to Prevent Attacks

How Trend Micro’s Managed XDR Detected and Contained a Web Shell Attack on IIS Servers

Critical Kubernetes Ingress-Nginx Vulnerability (CVE-2025-1974) Exposes Clusters to Remote Code Execution

Critical Command Injection Vulnerability in H3C Magic Routers (CVE-2025-2726) Puts Networks at Risk

Critical Yii2 Framework Vulnerability (CVE-2025-2690): Remote Code Execution Risk

IBM Storage Products Patched for Critical Authentication Bypass and RCE Vulnerabilities

Critical FortiOS and FortiProxy RCE Vulnerability (CVE-2023-25610): Patch Now to Prevent Remote Exploitation

CVE-2024-9880 – Apache Pandas Command Injection Vulnerability

CVE-2025-1040: AutoGPT Vulnerability Exposes Systems to Remote Code Execution via SSTI

You may have missed

Hong Kong Data Breach: 128,000 Records Exposed Due to System Neglect and Outdated Infrastructure

Oracle’s SaaS Breach Cover-Up Exposed: Evidence Contradicts Denials

National Defense Corporation Ransomware Attack: Breach Disclosed, Ransom Refused

Lucid PhaaS Platform Targets iOS and Android Users via iMessage and RCS