Remote Code Execution - Geek Feed

Critical Progress WhatsUp RCE flaw now under active exploitation

August 7, 2024August 7, 2024 geekfeed0Tagged Actively Exploited, exploit, poc, Proof of Concept, rce, Remote Code Execution, WhatsUp, WhatsUp exploit, WhatsUp Gold

Threat actors are actively attempting to exploit a recently fixed Progress WhatsUp Gold remote code execution vulnerability on exposed servers for initial access to corporate networks. The vulnerability leveraged in these attacks is CVE-2024-4885, a critical-severity (CVSS v3 score: 9.8) unauthenticated remote code execution flaw impacting Progress WhatsUp Gold 23.1.2 and older. Proof-of-concept (PoC) exploits for CVE-2024-4885 are […]

3 mins read

WhatsApp for Windows lets Python, PHP scripts execute with no warning

July 28, 2024August 8, 2024 geekfeed0Tagged 0-day, Attachments, Python, Remote Code Execution, WhatsApp, Zero-Day

A security issue in the latest version of WhatsApp for Windows allows sending Python and PHP attachments that are executed without any warning when the recipient opens them. For the attack to be successful, Python needs to be installed, a prerequisite that may limit the targets to software developers, researchers, and power users. The problem […]

5 mins read

Critical ServiceNow RCE flaws actively exploited to steal credentials

July 26, 2024July 26, 2024 geekfeed0Tagged rce, rce vulnerability, Remote Code Execution, ServiceNow, vulnerability

Threat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft attacks. This malicious activity was reported by Resecurity, which, after monitoring it for a week, identified multiple victims, including government agencies, data centers, energy providers, and software development firms. Although the vendor released security updates […]

2 mins read