Latest RCE news

VMware confirms critical vCenter flaw now exploited in attacks

VMware has confirmed that a critical vCenter Server remote code execution vulnerability patched in October is now under active exploitation.
- Sergiu Gatlan
- January 19, 2024
- 08:22 AM
- 0
CISA pushes federal agencies to patch Citrix RCE within a week

Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks.
- Sergiu Gatlan
- January 17, 2024
- 01:31 PM
- 0
Citrix warns of new Netscaler zero-days exploited in attacks

Citrix urged customers on Tuesday to immediately patch Netscaler ADC and Gateway appliances exposed online against two actively exploited zero-day vulnerabilities.
- Sergiu Gatlan
- January 16, 2024
- 03:33 PM
- 0
Over 178K SonicWall firewalls vulnerable to DoS, potential RCE attacks

Security researchers have found over 178,000 SonicWall next-generation firewalls (NGFW) with the management interface exposed online are vulnerable to denial-of-service (DoS) and potential remote code execution (RCE) attacks.
- Sergiu Gatlan
- January 15, 2024
- 01:28 PM
- 0
Juniper warns of critical RCE bug in its firewalls and switches

Juniper Networks has released security updates to fix a critical pre-auth remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches.
- Sergiu Gatlan
- January 12, 2024
- 12:36 PM
- 0
Hackers target Apache RocketMQ servers vulnerable to RCE attacks

Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582.
- Bill Toulas
- January 05, 2024
- 12:32 PM
- 0
Ivanti warns critical EPM bug lets hackers hijack enrolled devices

Ivanti fixed a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers hijack enrolled devices or the core server.
- Sergiu Gatlan
- January 04, 2024
- 04:37 PM
- 0
Ivanti releases patches for 13 critical Avalanche RCE flaws

Ivanti has released security updates to fix 13 critical security vulnerabilities in the company's Avalanche enterprise mobile device management (MDM) solution.
- Sergiu Gatlan
- December 20, 2023
- 01:03 PM
- 0
Microsoft discovers critical RCE flaw in Perforce Helix Core Server

Four vulnerabilities, one of which is rated critical, have been discovered in the Perforce Helix Core Server, a source code management platform widely used by the gaming, government, military, and technology sectors.
- Bill Toulas
- December 18, 2023
- 03:49 PM
- 0
Hackers are exploiting critical Apache Struts flaw using public PoC

Hackers are attempting to leverage a recently fixed critical vulnerability (CVE-2023-50164) in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code.
- Bill Toulas
- December 13, 2023
- 11:19 AM
- 1
Sophos backports RCE fix after attacks on unsupported firewalls

Sophos opted to backport a security update for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions after discovering hackers actively exploiting the flaw in attacks.
- Bill Toulas
- December 12, 2023
- 12:29 PM
- 0
50K WordPress sites exposed to RCE attacks by critical bug in backup plugin

A critical severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution to fully compromise vulnerable websites.
- Sergiu Gatlan
- December 11, 2023
- 05:46 PM
- 2
Over 30% of Log4J apps use a vulnerable version of the library

Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries the maximum severity rating, despite patches being available for more than two years.
- Bill Toulas
- December 10, 2023
- 10:35 AM
- 1
WordPress fixes POP chain exposing websites to RCE attacks

WordPress has released version 6.4.2 that addresses a remote code execution (RCE) vulnerability that could be chained with another flaw to allow attackers run arbitrary PHP code on the target website.
- Bill Toulas
- December 07, 2023
- 03:10 PM
- 0
Atlassian patches critical RCE flaws across multiple products

Atlassian has published security advisories for four critical remote code execution (RCE) vulnerabilities impacting Confluence, Jira, and Bitbucket servers, along with a companion app for macOS.
- Bill Toulas
- December 06, 2023
- 10:49 AM
- 0
December Android updates fix critical zero-click RCE flaw

Google announced today that the December 2023 Android security updates tackle 85 vulnerabilities, including a critical severity zero-click remote code execution (RCE) bug.
- Sergiu Gatlan
- December 04, 2023
- 02:37 PM
- 0
New botnet malware exploits two zero-days to infect NVRs and routers

A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution (RCE) vulnerabilities to infect routers and video recorder (NVR) devices.
- Bill Toulas
- November 22, 2023
- 12:39 PM
- 0
New CacheWarp AMD CPU attack lets hackers gain root in Linux VMs

A new software-based fault injection attack, CacheWarp, can let threat actors hack into AMD SEV-protected virtual machines by targeting memory writes to escalate privileges and gain remote code execution.
- Sergiu Gatlan
- November 14, 2023
- 03:34 PM
- 2
CISA warns of actively exploited Juniper pre-auth RCE exploit chain

CISA warned federal agencies today to secure Juniper devices on their networks by Friday against four vulnerabilities now used in remote code execution (RCE) attacks as part of a pre-auth exploit chain.
- Sergiu Gatlan
- November 13, 2023
- 12:23 PM
- 0
Veeam warns of critical bugs in Veeam ONE monitoring platform

Veeam released hotfixes today to address four vulnerabilities in the company's Veeam ONE IT infrastructure monitoring and analytics platform, two of them critical.
- Sergiu Gatlan
- November 06, 2023
- 04:58 PM
- 0