Tag: RCE
Joomla XSS Bugs Open Millions of Websites to RCE
The Joomla open source content management system (CMS) is vulnerable to multiple cross-site scripting (XSS) security vulnerabilities that could allow remote code execution (RCE).Sonar's...
Attackers Exploit Microsoft Security-Bypass Zero-Day Bugs
Microsoft's scheduled Patch Tuesday security update for February includes fixes for two zero-day security vulnerabilities under active attack, plus 71 other flaws across a...
Linux Distros Hit by RCE Vulnerability in Shim Bootloader
Linux shim, a small piece of code that many major Linux distros use during the secure boot process, has a remote code execution vulnerability...
Patch Now: Critical TeamCity Bug Allows for Server Takeovers
JetBrains has patched a critical security vulnerability in its TeamCity On-Premises server that can allow unauthenticated remote attackers to gain control over an affected...
Ivanti Zero-Day Patches Delayed as ‘KrustyLoader’ Attacks Mount
Attackers are using a pair of critical zero-day vulnerabilities in Ivanti VPNs to deploy a Rust-based set of backdoors, which in turn download a...
PoC Exploits Heighten Risks Around Critical New Jenkins Vuln
Some 45,000 Internet-exposed Jenkins servers remain unpatched against a critical, recently disclosed arbitrary file-read vulnerability for which proof-of-exploit code is now publicly available.CVE-2024-23897 affects...
Critical Cisco Unified Communications RCE Bug Allows Root Access
A critical security vulnerability in Cisco Unified Communications and Contact Center Solutions (UC/CC) could allow unauthenticated remote code execution (RCE).The bug (CVE-2024-20253, 9.9 CVSS)...
Godzilla Web Shell Attacks Stomp on Critical Apache ActiveMQ Flaw
Threat actors have unleashed a fresh wave of cyberattacks targeting a critical remote code-execution (RCE) vulnerability in Apache ActiveMQ, for which the Apache Software...
Chinese Spies Exploited Critical VMware Bug for Nearly 2 Years
One of the most serious VMware vulnerabilities in recent memory was secretly being exploited by a Chinese advanced persistent threat (APT) for years before...
CISA: AWS, Microsoft 365 Accounts Under Active ‘Androxgh0st’ Attack
The FBI and the US Cybersecurity and Infrastructure Security Agency (CISA) have issued an alert about a malware campaign targeting Apache webservers and websites...
Patch Now: Critical Windows Kerberos Bug Bypasses Microsoft Security
Microsoft eased enterprise security teams into 2024 with a relatively light January security update consisting of patches for 48 unique CVEs, just two of...
Apache ERP Zero-Day Underscores Dangers of Incomplete Patches
Unknown groups have launched probes against a zero-day vulnerability identified in Apache's OfBiz enterprise resource planning (ERP) framework — an increasingly popular strategy of...
Latest Intelligence
