Latest RCE news

300,000+ Fortinet firewalls vulnerable to critical FortiOS RCE bug

Hundreds of thousands of FortiGate firewalls are vulnerable to a critical security issue identified as CVE-2023-27997, almost a month after Fortinet released an update that addresses the problem.
- Bill Toulas
- July 03, 2023
- 07:54 AM
- 1
Fortinet fixes critical FortiNAC remote command execution flaw

Cybersecurity solutions company Fortinet has updated its zero-trust access solution FortiNAC to address a critical-severity vulnerability that attackers could leverage to execute code and commands.
- Bill Toulas
- June 23, 2023
- 08:42 AM
- 0
VMware warns of critical vRealize flaw exploited in attacks

VMware updated a security advisory published two weeks ago to warn customers that a now-patched critical vulnerability allowing remote code execution is being actively exploited in attacks.
- Sergiu Gatlan
- June 20, 2023
- 03:46 PM
- 0
Exploit released for MOVEit RCE bug used in data theft attacks

Horizon3 security researchers have released proof-of-concept (PoC) exploit code for a remote code execution (RCE) bug in the MOVEit Transfer managed file transfer (MFT) solution abused by the Clop ransomware gang in data theft attacks.
- Sergiu Gatlan
- June 12, 2023
- 11:32 AM
- 0
VMware fixes critical vulnerabilities in vRealize network analytics tool

VMware issued multiple security patches today to address critical and high-severity vulnerabilities in VMware Aria Operations for Networks, allowing attackers to gain remote execution or access sensitive information.
- Sergiu Gatlan
- June 07, 2023
- 11:09 AM
- 0
Zyxel shares tips on protecting firewalls from ongoing attacks

Zyxel has published a security advisory containing guidance on protecting firewall and VPN devices from ongoing attacks and detecting signs of exploitation.
- Bill Toulas
- June 03, 2023
- 10:06 AM
- 0
D-Link fixes auth bypass and RCE flaws in D-View 8 software

D-Link has fixed two critical-severity vulnerabilities in its D-View 8 network management suite that could allow remote attackers to bypass authentication and execute arbitrary code.
- Bill Toulas
- May 25, 2023
- 12:57 PM
- 0
Cisco warns of critical switch bugs with public exploit code

Cisco warned customers today of four critical remote code execution vulnerabilities with public exploit code affecting multiple Small Business Series Switches.
- Sergiu Gatlan
- May 17, 2023
- 02:50 PM
- 0
CISA warns of critical Ruckus bug used to infect Wi-Fi access points

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today of a critical remote code execution (RCE) flaw in the Ruckus Wireless Admin panel actively exploited by a recently discovered DDoS botnet.
- Sergiu Gatlan
- May 12, 2023
- 01:43 PM
- 2
FBI: Bl00dy Ransomware targets education orgs in PaperCut attacks

The FBI and CISA issued a joint advisory to warn that the Bl00dy Ransomware gang is now also actively exploiting a PaperCut remote-code execution vulnerability to gain initial access to networks.
- Bill Toulas
- May 12, 2023
- 12:51 PM
- 0
New PaperCut RCE exploit created that bypasses existing detections

A new proof-of-concept (PoC) exploit for an actively exploited PaperCut vulnerability was released that bypasses all known detection rules.
- Bill Toulas
- May 06, 2023
- 10:11 AM
- 0
Cisco phone adapters vulnerable to RCE attacks, no fix available

Cisco has disclosed a vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters, allowing an unauthenticated, remote attacker to execute arbitrary code on the devices.
- Bill Toulas
- May 04, 2023
- 01:28 PM
- 0
Hackers exploit 5-year-old unpatched flaw in TBK DVR devices

Hackers are actively exploiting an unpatched 2018 authentication bypass vulnerability in exposed TBK DVR (digital video recording) devices.
- Bill Toulas
- May 02, 2023
- 11:13 AM
- 0
VMware fixes vRealize bug that let attackers run code as root

VMware addressed a critical vRealize Log Insight security vulnerability that allows remote attackers to gain remote execution on vulnerable appliances.
- Sergiu Gatlan
- April 20, 2023
- 01:22 PM
- 0
Windows admins warned to patch critical MSMQ QueueJumper bug

Security researchers and experts warn of a critical vulnerability in the Windows Message Queuing (MSMQ) middleware service patched by Microsoft during this month's Patch Tuesday and exposing hundreds of thousands of systems to attacks.
- Sergiu Gatlan
- April 12, 2023
- 01:31 PM
- 0
Google finds 18 zero-day vulnerabilities in Samsung Exynos chipsets

Project Zero, Google's zero-day bug-hunting team, discovered and reported 18 zero-day vulnerabilities in Samsung's Exynos chipsets used in mobile devices, wearables, and cars.
- Sergiu Gatlan
- March 16, 2023
- 04:33 PM
- 1
CISA warns of actively exploited Plex bug after LastPass breach

CISA has added an almost three-year-old high-severity remote code execution (RCE) vulnerability in the Plex Media Server to its catalog of security flaws exploited in attacks.
- Sergiu Gatlan
- March 11, 2023
- 11:28 AM
- 1
CISA warns of critical VMware RCE flaw exploited in attacks

CISA has added a critical severity vulnerability in VMware's Cloud Foundation to its catalog of security flaws exploited in the wild.
- Sergiu Gatlan
- March 10, 2023
- 12:25 PM
- 0
Fortinet warns of new critical unauthenticated RCE vulnerability

Fortinet has disclosed a "Critical" vulnerability impacting FortiOS and FortiProxy, which allows an unauthenticated attacker to execute arbitrary code or perform denial of service (DoS) on the GUI of vulnerable devices using specially crafted requests.
- Bill Toulas
- March 08, 2023
- 02:25 PM
- 0
Proof-of-Concept released for critical Microsoft Word RCE bug

A proof-of-concept for CVE-2023-21716, a critical vulnerability in Microsoft Word that allows remote code execution, has been published over the weekend.
- Ionut Ilascu
- March 06, 2023
- 03:55 PM
- 0