Command Injection
Libraesva ESG issues emergency fix for bug exploited by state hackers
Libraesva rolled out an emergency update for its Email Security Gateway (ESG) solution to fix a vulnerability exploited by threat actors believed to be state sponsored. The email security product protects email systems from phishing, malware, spam, business email compromise, and spoofing, using a multi-layer protection architecture. According to the vendor, Libraesva ESG is used […]
Fortra warns of max severity flaw in GoAnywhere MFT’s License Servlet
Fortra has released security updates to patch a maximum severity vulnerability in GoAnywhere MFT’s License Servlet that can be exploited in command injection attacks. GoAnywhere MFT is a web-based managed file transfer tool that helps organizations securely transfer files and maintain audit logs of who accesses the shared files. Tracked as CVE-2025-10035, this security flaw […]
Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild
Fortinet is warning about a remote unauthenticated command injection flaw in FortiSIEM that has in-the-wild exploit code, making it critical for admins to apply the latest security updates. FortiSIEM is a central security monitoring and analytics system used for logging, network telemetry, and security incident alerts, serving as an integral part of security operation centers, where […]
Exploit available for critical Cisco ISE bug exploited in attacks
Security researcher Bobby Gould has published a blog post demonstrating a complete exploit chain for CVE-2025-20281, an unauthenticated remote code execution vulnerability in Cisco Identity Services Engine (ISE). The critical vulnerability was first disclosed on June 25, 2025, with Cisco warning that it impacts ISE and ISE-PIC versions 3.3 and 3.4, allowing unauthenticated, remote attackers to […]
New Mirai botnet infect TBK DVR devices via command injection flaw
A new variant of the Mirai malware botnet is exploiting a command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices to hijack them. The flaw, tracked under CVE-2024-3721, is a command injection vulnerability disclosed by security researcher “netsecfish” in April 2024. The proof-of-concept (PoC) the researcher published at the time came in the […]
Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor
Over 9,000 ASUS routers are compromised by a novel botnet dubbed “AyySSHush” that was also observed targeting SOHO routers from Cisco, D-Link, and Linksys. The campaign was discovered by GreyNoise security researchers in mid-March 2025, who reports that it carries the hallmarks of a nation-state threat actor, though no concrete attributions were made. The threat monitoring firm […]
Hackers exploit critical unpatched flaw in Zyxel CPE devices
Hackers are exploiting a critical command injection vulnerability in Zyxel CPE Series devices that is currently tracked as CVE-2024-40891 and remains unpatched since last July. The vulnerability allows unauthenticated attackers to execute arbitrary commands using the ‘supervisor’ or ‘zyuser’ service accounts. Vulnerability intelligence company VulnCheck added the security issue to its database last year on July 12 and […]
Vulnerable Moxa devices expose industrial networks to attacks
Industrial networking and communications provider Moxa is warning of a high-severity and a critical vulnerability that impact various models of its cellular routers, secure routers, and network security appliances. The two seurity issues allow remote attackers to get root privileges on vulnerable devices and to execute arbitrary commands, which could lead to arbitrary code execution. Risks […]
Hackers exploit Four-Faith router flaw to open reverse shells
Threat actors are exploiting a post-authentication remote command injection vulnerability in Four-Faith routers tracked as CVE-2024-12856 to open reverse shells back to the attackers. The malicious activity was discovered by VulnCheck, who informed Four-Faith about the active exploitation on December 20, 2024. However, it is unclear if security updates for the vulnerability are currently available. […]
OpenWrt Sysupgrade flaw let hackers push malicious firmware images
A flaw in OpenWrt’s Attended Sysupgrade feature used to build custom, on-demand firmware images could have allowed for the distribution of malicious firmware packages. OpenWrt is a highly customizable, open-source, Linux-based operating system designed for embedded devices, particularly network devices like routers, access points, and other IoT hardware. The project is a popular alternative to a manufacturer’s […]