Craft CMS RCE exploit chain used in zero-day attacks to steal data
Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation…
Critical Erlang/OTP SSH pre-auth RCE is ‘Surprisingly Easy’ to exploit, patch now
A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code…
Max severity RCE flaw discovered in widely used Apache Parquet
A maximum severity remote code execution (RCE) vulnerability has been discovered impacting all versions of Apache Parquet up…
Critical RCE flaws put Kubernetes clusters at risk of takeover
The Kubernetes project has released patches for five vulnerabilities in a widely used popular component called the Ingress…
Veeam RCE bug lets domain users hack backup servers, patch now
Veeam has patched a critical remote code execution vulnerability tracked as CVE-2025-23120 in its Backup & Replication software that…
‘Dead simple’ RCE exploit in Apache Tomcat under attack • The Register
A trivial flaw in Apache Tomcat that allows remote code execution and access to sensitive files is said…
This Week In Security: The X DDoS, The ESP32 Basementdoor, And The CamelCase RCE
We would be remiss if we didn’t address the X Distributed Denial of Service (DDoS) attack that’s been…
Over 12,000 KerioControl firewalls exposed to exploited RCE flaw
Over twelve thousand GFI KerioControl firewall instances are exposed to a critical remote code execution vulnerability tracked as…
Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers
Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on…