rce
Sharepoint ToolShell attacks targeted orgs across four continents
Hackers believed to be associated with China have leveraged the ToolShell vulnerability (CVE-2025-53770) in Microsoft SharePoint in attacks targeting government agencies, universities, telecommunication service providers, and finance organizations. The security flaw affects on-premise SharePoint servers and was disclosed as an actively exploited zero-day on July 20, after multiple hacking groups tied to China leveraged it in widespread […]
DrayTek warns of remote code execution bug in Vigor routers
Networking hardware maker DrayTek released an advisory to warn about a security vulnerability in several Vigor router models that could allow remote, unauthenticated actors to execute perform arbitrary code. The flaw, tracked identified as CVE-2025-10547, was reported to the vendor on July 22 by ChapsVision security researcher Pierre-Yves Maes. “The vulnerability can be triggered when unauthenticated remote attackers send […]
Nearly 50,000 Cisco firewalls vulnerable to actively exploited flaws
Roughly 50,000 Cisco Adaptive Security Appliance (ASA) and Firewall Threat Defense (FTD) appliances exposed on the public web are vulnerable to two vulnerabilities actively leveraged by hackers. The flaws, tracked as CVE-2025-20333 and CVE-2025-20362, enable arbitrary code execution and access to restricted URL endpoints associated with VPN access. Both security issues can be exploited remotely […]
Maximum severity GoAnywhere MFT flaw exploited as zero day
Hackers are actively exploiting a maximum severity vulnerability (CVE-2025-10035) in Fortra’s GoAnywhere MFT that allows injecting commands remotely without authentication. The vendor disclosed the flaw on September 18, buit the company had learned about it a week earlier, and did not share any details on how it was discovered or if it was being exploited. CVE-2025-10035 […]
CISA says hackers breached federal agency using GeoServer exploit
CISA has revealed that attackers breached the network of an unnamed U.S. federal civilian executive branch (FCEB) agency last year after compromising an unpatched GeoServer instance. The security bug (tracked as CVE-2024-36401) is a critical remote code execution (RCE) vulnerability patched on June 18, 2024. CISA added the flaw to its catalog of actively exploited vulnerabilities roughly […]
SolarWinds releases third patch to fix Web Help Desk RCE bug
SolarWinds has released a hotfix for a critical a critical vulnerability in Web Help Desk that allows remote code execution (RCE) without authentication. Tracked as CVE-2025-26399, the security issue is the company’s third attempt to address an older flaw identified as CVE-2024-28986 that impacted Web Help Desk (WHD) 12.8.3 and all previous versions. SolarWinds WHD is a help […]
CISA exposes malware kits deployed in Ivanti EPMM attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis of the malware deployed in attacks exploiting vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM). The flaws are an authentication bypass in EPMM’s API component (CVE-2025-4427) and a code injection vulnerability (CVE-2025-4428) that allows execution of arbitrary code. The two vulnerabilities affect the following […]
WatchGuard warns of critical vulnerability in Firebox firewalls
WatchGuard has released security updates to address a remote code execution vulnerability impacting the company’s Firebox firewalls. Tracked as CVE-2025-9242, this critical security flaw is caused by an out-of-bounds write weakness that can allow attackers to execute malicious code remotely on vulnerable devices following successful exploitation. CVE-2025-9242 affects firewalls running Fireware OS 11.x (end of life), 12.x, […]
CISA warns of actively exploited Dassault RCE vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of hackers exploiting a critical remote code execution flaw in DELMIA Apriso, a manufacturing operations management (MOM) and execution (MES) solution from French company Dassault Systèmes. The agency added the vulnerability, tracked as CVE-2025-5086 and rated with a critical severity score (CVSS v3: 9.0), to the Known Exploited Vulnerabilities (KEV). […]
Samsung patches actively exploited zero-day reported by WhatsApp
Samsung has patched a remote code execution vulnerability that was exploited in zero-day attacks targeting its Android devices. Tracked as CVE-2025-21043, this critical security flaw affects Samsung devices running Android 13 or later and was reported by the security teams of Meta and WhatsApp on August 13. As Samsung explains in a recently updated advisory, this […]