Tag: rce
-
Over 12,000 KerioControl firewalls remain prone to RCE attack amid active exploits
by
in SecurityNewsThe flaw enables one-click RCE: The Kerio Control vulnerability, in conjunction with an older vulnerability, can allow escalating the issue into a one-click RCE attack, granting root access to the firewall system. The flaw has persisted for nearly seven years, affecting versions 9.2.5 (released in 2018) to 9.4.5.According to Romano’s POC, the exploit would include…
-
12,000+ KerioControl Firewalls Exposed to 1-Click RCE Attack
by
in SecurityNews
Tags: attack, cve, cyber, cybersecurity, data-breach, exploit, firewall, flaw, rce, remote-code-execution, vulnerabilityCybersecurity researchers caution that over 12,000 instances of GFI KerioControl firewalls remain unpatched and vulnerable to a critical security flaw (CVE-2024-52875) that could be exploited for remote code execution (RCE) with minimal effort. The Shadowserver Foundation has been tracking this vulnerability and issuing daily reports since February 5, 2025. Critical Vulnerability Overview CVE-2024-52875 is a…
-
Over 12,000 KerioControl firewalls exposed to exploited RCE flaw
by
in SecurityNewsOver twelve thousand GFI KerioControl firewall instances are exposed to a critical remote code execution vulnerability tracked as CVE-2024-52875. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-12-000-keriocontrol-firewalls-exposed-to-exploited-rce-flaw/
-
CISA warns of hackers targeting vulnerability in Trimble Cityworks to conduct RCE
by
in SecurityNewsThe software is widely used in projects by local governments, utilities, airports and other facilities. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/cisa-hackers-vulnerability-trimble-cityworks/739681/
-
Hackers breach Microsoft IIS services using Cityworks RCE bug
by
in SecurityNewsHackers are exploiting a high-severity remote code execution (RCE) flaw in Cityworks deployments, a GIS-centric asset and work order management software, to execute codes on a customers’ Microsoft web servers.In a coordinated advisory with the US Cybersecurity and Infrastructure Security Agency (CISA), Cityworks’ developer Trimble said that the vulnerability, tracked as CVE-2025-0994 with CVSS rating…
-
CISA warns Trimble Cityworks customers of actively exploited RCE flaw
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/cisa-warns-trimble-cityworks-customers-of-actively-exploited-rce-flaw
-
Thousands of Public ASP.NET Keys Allow Web Server RCE
by
in SecurityNewsDevelopers are pulling in publicly available ASP.NET keys into their environments, without realizing that cyberattackers can use them for clandestine code injection. First seen on darkreading.com Jump to article: www.darkreading.com/remote-workforce/microsoft-public-asp-net-keys-web-server-rce
-
Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers
by
in SecurityNews
Tags: breach, exploit, hacker, microsoft, network, rce, remote-code-execution, software, vulnerabilitySoftware vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial network access. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-cityworks-rce-bug-to-breach-microsoft-iis-servers/
-
CISA Warns of Active Exploitation in Trimble Cityworks Vulnerability Leading to IIS RCE
by
in SecurityNews
Tags: cisa, cve, cybersecurity, data, exploit, flaw, infrastructure, rce, remote-code-execution, software, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild.The vulnerability in question is CVE-2025-0994 (CVSS v4 score: 8.6), a deserialization of untrusted data bug that could permit an attacker to conduct remote code execution.”This could…
-
Veeam Updater receives update for critical RCE flaw
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/veeam-updater-receives-update-for-critical-rce-flaw
-
Critical RCE bug in Microsoft Outlook now exploited in attacks
by
in SecurityNewsCISA warned U.S. federal agencies on Thursday to secure their systems against ongoing attacks targeting a critical Microsoft Outlook remote code execution (RCE) vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-rce-bug-in-microsoft-outlook-now-exploited-in-attacks/
-
Android Security Update Fixes Linux Kernel RCE Flaw Allow Read/Write Access
by
in SecurityNewsOn February 3, 2025, Google published its February Android Security Bulletin, which addresses a total of 47 vulnerabilities affecting Android devices. Among these, a critical flaw in the Linux kernel’s USB Video Class (UVC) driver, tracked as CVE-2024-53104, has been identified as a significant security risk. This vulnerability allows attackers to execute remote code (RCE),…
-
1- Click RCE Vulnerability in Voyager PHP Allow Attackers Execute Arbitrary Code
by
in SecurityNewsA recently disclosed security vulnerability in the Voyager PHP package, a popular tool for managing Laravel applications, has raised significant concerns regarding the potential for remote code execution (RCE) on affected servers. This vulnerability, identified through ongoing security scans using SonarQube Cloud, could allow an authenticated user to inadvertently execute arbitrary code by clicking on…
-
Chained Voyager Bugs Threaten One-Click RCE
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/chained-voyager-bugs-threaten-one-click-rce
-
Laravel admin package Voyager vulnerable to one-click RCE flaw
by
in SecurityNewsThree vulnerabilities discovered in the open-source PHP package Voyager for managing Laravel applications could be used for remote code execution attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/laravel-admin-package-voyager-vulnerable-to-one-click-rce-flaw/
-
iPhone users targeted in Apple’s first zero-day exploit in 2025
by
in SecurityNewsApple iPhone users were targeted for privilege escalation in the zero-day exploitation of a use-after-free vulnerability affecting Apple’s Core Media framework.”A malicious application may be able to elevate privileges,” Apple said in the security update description. “Apple is aware of a report that this issue may have been actively exploited against versions of iOS before…
-
Severe Meta Llama issue risks RCE in AI systems
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/severe-meta-llama-issue-risks-rce-in-ai-systems
-
A pickle in Meta’s LLM code could allow RCE attacks
by
in SecurityNews
Tags: ai, attack, breach, cve, cvss, data, data-breach, exploit, flaw, framework, github, LLM, malicious, ml, network, open-source, rce, remote-code-execution, software, supply-chain, technology, theft, vulnerabilityMeta’s large language model (LLM) framework, Llama, suffers a typical open-source coding oversight, potentially allowing arbitrary code execution on servers leading to resource theft, data breaches, and AI model takeover.The flaw, tracked as CVE-2024-50050, is a critical deserialization bug belonging to a class of vulnerabilities arising from the improper use of the open-source library (pyzmq)…
-
SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks
by
in SecurityNewsSonicWall is warning about a pre-authentication deserialization vulnerability in SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC), with reports that it has been exploited as a zero-day in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/sonicwall-warns-of-sma1000-rce-flaw-exploited-in-zero-day-attacks/
-
Chained Vulnerabilities Exploited in Ivanti Cloud Service Appliances
by
in SecurityNews
Tags: cloud, credentials, exploit, ivanti, rce, remote-code-execution, service, theft, threat, vulnerabilityThreat actors chained Ivanti CSA vulnerabilities for RCE, credential theft & webshell deployment First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cisa-fbi-warn-chained-attacks/
-
Security Researchers Discover Critical RCE Vulnerability, Earned $40,000 Bounty
by
in SecurityNewsCybersecurity researchers Abdullah Nawaf and Orwa Atyat, successfully escalated a limited path traversal vulnerability into a full-blown remote code execution (RCE). Their discovery earned a massive $40,000 bounty from the targeted organization’s bug bounty program. The team documented their step-by-step approach, leaving the cybersecurity community with valuable lessons on persistence, creativity, and methodical bug hunting.…
-
Security Researchers Discover Critical RCE Vulnerability, Earn $40,000 Bounty
by
in SecurityNewsCybersecurity researchers Abdullah Nawaf and Orwa Atyat, successfully escalated a limited path traversal vulnerability into a full-blown remote code execution (RCE). Their discovery earned a massive $40,000 bounty from the targeted organization’s bug bounty program. The team documented their step-by-step approach, leaving the cybersecurity community with valuable lessons on persistence, creativity, and methodical bug hunting.…
-
PoC Exploit Released for QNAP RCE Vulnerability
by
in SecurityNewsA critical remote code execution (RCE) vulnerability, tracked as CVE-2024-53691, has recently come to light, affecting users of QNAP’s QTS and QuTS Hero operating systems. This vulnerability enables remote attackers with user access privileges to traverse the file system and run arbitrary code on affected systems. With a CVSS score of 8.7, the severity of…
-
PoC Exploit Released for Ivanti Connect Secure RCE Vulnerability
by
in SecurityNewsA serious security flaw has been identified in Ivanti Connect Secure, designated as CVE-2025-0282, which enables remote unauthenticated attackers to execute arbitrary code. As of January 8, 2025, Ivanti has acknowledged the existence of this stack-based buffer overflow vulnerability found in versions before22.7R2.5. This vulnerability is particularly concerning due to its high attack vector stemming from…
-
Bug Bounty Bonanza: $40,000 Reward for Escalating Limited Path Traversal to RCE
by
in SecurityNewsAs a dedicated bug bounty hunter with an enviable track record on BugCrowd, Abdullah Nawaf, Full full-time bug Bounty Hunter, thrives on the thrill of discovery and the challenge of finding high-impact vulnerabilities. Recently, alongside his colleague Orwa Atyat, they achieved a notable success: turning a limited path traversal vulnerability into a fully-fledged remote code execution…
-
Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks
by
in SecurityNewsCybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution.Horizon3.ai researcher Naveen Sunkavally, in a technical report detailing the findings, said the “vulnerabilities are trivial to reverse and exploit.”The list of identified flaws is as follows – First seen on thehackernews.com…
-
Threat Actors Exploit a Critical Ivanti RCE Bug, Again
by
in SecurityNewsNew year, same story. Despite Ivanti’s commitment to secure-by-design principles, threat actors, possibly the same ones as before, are exploiting its edge devices for the nth time. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/critical-ivanti-rce-bug
-
Sicherheitsmängel gefährden DNA-Sequenziergeräte
by
in SecurityNewssrcset=”https://b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?quality=50&strip=all 5283w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=300%2C168&quality=50&strip=all 300w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=768%2C432&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=1024%2C576&quality=50&strip=all 1024w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=1536%2C864&quality=50&strip=all 1536w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=2048%2C1152&quality=50&strip=all 2048w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=1240%2C697&quality=50&strip=all 1240w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=150%2C84&quality=50&strip=all 150w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=854%2C480&quality=50&strip=all 854w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=640%2C360&quality=50&strip=all 640w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=444%2C250&quality=50&strip=all 444w” width=”1024″ height=”576″ sizes=”(max-width: 1024px) 100vw, 1024px”>Security-Forscher haben festgestellt, dass bei einem DNA-Sequenziergerät wichtige Sicherheitsfunktionen fehlen. angellodeco Shutterstock.comDas DNA-Sequenziergerät iSeq 100 von Illumina wird von medizinischen Laboren auf der ganzen Welt für eine Vielzahl…
-
Hackers exploit critical Aviatrix Controller RCE flaw in attacks
by
in SecurityNewsThreat actors are exploiting a critical remote command execution vulnerability, tracked as CVE-2024-50603, in Aviatrix Controller instances to install backdoors and crypto miners. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-critical-aviatrix-controller-rce-flaw-in-attacks/