30 Mar, 2025

Facebook discloses FreeType 2 flaw exploited in attacks

Facebook is warning that a FreeType vulnerability in all versions up to 2.13 can lead to arbitrary code execution, with reports that the flaw has been exploited in attacks. FreeType is a popular open-source font rendering library used to display text and programmatically add text to images. It provides functionality to load, rasterize, and render […]


Broadcom fixes three VMware zero-days exploited in attacks

Broadcom warned customers today about three VMware zero-days, tagged as exploited in attacks and reported by the Microsoft Threat Intelligence Center. The vulnerabilities (CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226) impact VMware ESX products, including VMware ESXi, vSphere, Workstation, Fusion, Cloud Foundation, and Telco Cloud Platform. Attackers with privileged administrator or root access can chain these flaws to escape […]


whoAMI attacks give hackers code execution on Amazon EC2 instances

Security researchers discovered a name confusion attack that gives anyone who publishes an Amazon Machine Image (AMI) with a specific name access to an Amazon Web Services account. Dubbed “whoAMI,” the attack was crafted by Datadog researchers in August 2024, who demonstrated that it’s possible for attackers to gain code execution within AWS accounts by exploiting how […]


QNAP fixes six Rsync vulnerabilities in NAS backup, recovery app

QNAP has fixed six rsync vulnerabilities that could let attackers gain remote code execution on unpatched Network Attached Storage (NAS) devices. Rsync is an open-source file synchronization tool that supports direct file syncing via its daemon, transfers over SSH, and incremental transfers that save time and bandwidth. It’s widely used by many backup solutions […]
