Latest Remote Code Execution news

Cisco warns of critical switch bugs with public exploit code

Cisco warned customers today of four critical remote code execution vulnerabilities with public exploit code affecting multiple Small Business Series Switches.
- Sergiu Gatlan
- May 17, 2023
- 02:50 PM
- 0
CISA warns of critical Ruckus bug used to infect Wi-Fi access points

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today of a critical remote code execution (RCE) flaw in the Ruckus Wireless Admin panel actively exploited by a recently discovered DDoS botnet.
- Sergiu Gatlan
- May 12, 2023
- 01:43 PM
- 2
FBI: Bl00dy Ransomware targets education orgs in PaperCut attacks

The FBI and CISA issued a joint advisory to warn that the Bl00dy Ransomware gang is now also actively exploiting a PaperCut remote-code execution vulnerability to gain initial access to networks.
- Bill Toulas
- May 12, 2023
- 12:51 PM
- 0
New PaperCut RCE exploit created that bypasses existing detections

A new proof-of-concept (PoC) exploit for an actively exploited PaperCut vulnerability was released that bypasses all known detection rules.
- Bill Toulas
- May 06, 2023
- 10:11 AM
- 0
Cisco phone adapters vulnerable to RCE attacks, no fix available

Cisco has disclosed a vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters, allowing an unauthenticated, remote attacker to execute arbitrary code on the devices.
- Bill Toulas
- May 04, 2023
- 01:28 PM
- 0
Hackers exploit 5-year-old unpatched flaw in TBK DVR devices

Hackers are actively exploiting an unpatched 2018 authentication bypass vulnerability in exposed TBK DVR (digital video recording) devices.
- Bill Toulas
- May 02, 2023
- 11:13 AM
- 0
APC warns of critical unauthenticated RCE flaws in UPS software

APC's Easy UPS Online Monitoring Software is vulnerable to unauthenticated arbitrary remote code execution, allowing hackers to take over devices and, in a worst-case scenario, disabling its functionality altogether.
- Bill Toulas
- April 24, 2023
- 11:14 AM
- 0
VMware fixes vRealize bug that let attackers run code as root

VMware addressed a critical vRealize Log Insight security vulnerability that allows remote attackers to gain remote execution on vulnerable appliances.
- Sergiu Gatlan
- April 20, 2023
- 01:22 PM
- 0
Windows admins warned to patch critical MSMQ QueueJumper bug

Security researchers and experts warn of a critical vulnerability in the Windows Message Queuing (MSMQ) middleware service patched by Microsoft during this month's Patch Tuesday and exposing hundreds of thousands of systems to attacks.
- Sergiu Gatlan
- April 12, 2023
- 01:31 PM
- 0
PoC exploits released for Netgear Orbi router vulnerabilities

Proof-of-concept exploits for vulnerabilities in Netgear's Orbi 750 series router and extender satellites have been released, with one flaw a critical severity remote command execution bug.
- Bill Toulas
- March 22, 2023
- 10:14 AM
- 0
Google finds 18 zero-day vulnerabilities in Samsung Exynos chipsets

Project Zero, Google's zero-day bug-hunting team, discovered and reported 18 zero-day vulnerabilities in Samsung's Exynos chipsets used in mobile devices, wearables, and cars.
- Sergiu Gatlan
- March 16, 2023
- 04:33 PM
- 1
CISA warns of actively exploited Plex bug after LastPass breach

CISA has added an almost three-year-old high-severity remote code execution (RCE) vulnerability in the Plex Media Server to its catalog of security flaws exploited in attacks.
- Sergiu Gatlan
- March 11, 2023
- 11:28 AM
- 1
CISA warns of critical VMware RCE flaw exploited in attacks

CISA has added a critical severity vulnerability in VMware's Cloud Foundation to its catalog of security flaws exploited in the wild.
- Sergiu Gatlan
- March 10, 2023
- 12:25 PM
- 0
Fortinet warns of new critical unauthenticated RCE vulnerability

Fortinet has disclosed a "Critical" vulnerability impacting FortiOS and FortiProxy, which allows an unauthenticated attacker to execute arbitrary code or perform denial of service (DoS) on the GUI of vulnerable devices using specially crafted requests.
- Bill Toulas
- March 08, 2023
- 02:25 PM
- 0
Android March 2023 update fixes two critical code execution flaws

Google has released March 2023 security updates for Android, fixing a total of 60 flaws, and among them, two critical-severity remote code execution (RCE) vulnerabilities impacting Android Systems running versions 11, 12, and 13.
- Bill Toulas
- March 07, 2023
- 09:48 AM
- 3
Proof-of-Concept released for critical Microsoft Word RCE bug

A proof-of-concept for CVE-2023-21716, a critical vulnerability in Microsoft Word that allows remote code execution, has been published over the weekend.
- Ionut Ilascu
- March 06, 2023
- 03:55 PM
- 0
Aruba Networks fixes six critical vulnerabilities in ArubaOS

Aruba Networks published a security advisory to inform customers about six critical-severity vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system.
- Bill Toulas
- March 01, 2023
- 05:15 PM
- 1
Cisco patches critical Web UI RCE flaw in multiple IP phones

Cisco has addressed a critical security vulnerability found in the Web UI of multiple IP Phone models that unauthenticated and remote attackers can exploit in remote code execution (RCE) attacks.
- Sergiu Gatlan
- March 01, 2023
- 01:28 PM
- 0
CISA warns of hackers exploiting ZK Java Framework RCE flaw

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added CVE-2022-36537 to its "Known Exploited Vulnerabilities Catalog" after threat actors began actively exploiting the remote code execution (RCE) flaw in attacks.
- Bill Toulas
- February 28, 2023
- 04:37 PM
- 0
Exploit released for critical Fortinet RCE flaw, patch now

Security researchers have released a proof-of-concept exploit for a critical-severity vulnerability (CVE-2022-39952) in Fortinet's FortiNAC network access control suite.
- Bill Toulas
- February 21, 2023
- 01:21 PM
- 0