Latest Code Execution news

Malicious AI models on Hugging Face backdoor users’ machines

At least 100 instances of malicious AI ML models were found on the Hugging Face platform, some of which can execute code on the victim's machine, giving attackers a persistent backdoor.
- Bill Toulas
- February 28, 2024
- 05:12 PM
- 1
Hackers breach US govt agencies using Adobe ColdFusion exploit

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers.
- Bill Toulas
- December 05, 2023
- 12:07 PM
- 2
Malicious NuGet packages abuse MSBuild to install malware

A new NuGet typosquatting campaign pushes malicious packages that abuse Visual Studio's MSBuild integration to execute code and install malware stealthily.
- Bill Toulas
- October 31, 2023
- 10:23 AM
- 0
VMware fixes critical code execution flaw in vCenter Server

VMware issued security updates to fix a critical vCenter Server vulnerability that can be exploited to gain remote code execution attacks on vulnerable servers.
- Sergiu Gatlan
- October 25, 2023
- 05:00 AM
- 0
GNOME Linux systems exposed to RCE attacks via file downloads

A memory corruption vulnerability in the open-source libcue library can let attackers execute arbitrary code on GNOME Linux systems.
- Sergiu Gatlan
- October 09, 2023
- 04:24 PM
- 4
Trend Micro fixes endpoint protection zero-day used in attacks

Trend Micro fixed a remote code execution zero-day vulnerability in the Trend Micro's Apex One endpoint protection solution that was actively exploited in attacks.
- Bill Toulas
- September 19, 2023
- 05:11 PM
- 0
Adobe warns of critical Acrobat and Reader zero-day exploited in attacks

Adobe has released security updates to patch a zero-day vulnerability in Acrobat and Reader tagged as exploited in attacks.
- Sergiu Gatlan
- September 12, 2023
- 01:42 PM
- 0
Notepad++ 8.5.7 released with fixes for four security vulnerabilities

Notepad++ version 8.5.7 has been released with fixes for multiple buffer overflow zero-days, with one marked as potentially leading to code execution by tricking users into opening specially crafted files.
- Bill Toulas
- September 08, 2023
- 03:46 PM
- 0
Apple discloses 2 new zero-days exploited to attack iPhones, Macs

Apple released emergency security updates to fix two new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 13 exploited zero-days patched since the start of the year.
- Sergiu Gatlan
- September 07, 2023
- 01:58 PM
- 0
Almost 40% of Ubuntu users vulnerable to new privilege elevation flaws

Two Linux vulnerabilities introduced recently into the Ubuntu kernel create the potential for unprivileged local users to gain elevated privileges on a massive number of devices.
- Bill Toulas
- July 26, 2023
- 02:51 PM
- 0
VMware fixes vCenter Server bugs allowing code execution, auth bypass

VMware has addressed multiple high-severity security flaws in vCenter Server, which can let attackers gain code execution and bypass authentication on unpatched systems.
- Sergiu Gatlan
- June 22, 2023
- 12:07 PM
- 0
Exploit available for critical bug in VM2 JavaScript sandbox library

Proof-of-concept exploit code has been released for a recently disclosed critical vulnerability in the popular VM2 library, a JavaScript sandbox that is used by multiple software to run code securely in a virtualized environment.
- Bill Toulas
- April 07, 2023
- 01:41 PM
- 0
Hackers use Golang source code interpreter to evade detection

A Chinese-speaking hacking group tracked as 'DragonSpark' was observed employing Golang source code interpretation to evade detection while launching espionage attacks against organizations in East Asia.
- Bill Toulas
- January 24, 2023
- 06:00 AM
- 0
Git patches two critical remote code execution security flaws

Git has patched two critical severity security vulnerabilities that could allow attackers to execute arbitrary code after successfully exploiting heap-based buffer overflow weaknesses.
- Sergiu Gatlan
- January 17, 2023
- 06:26 PM
- 0
Apple security update fixes new iOS zero-day used to hack iPhones

In security updates released today, Apple has fixed the tenth zero-day vulnerability since the start of the year, with this latest one actively used in attacks against iPhones.
- Lawrence Abrams
- December 13, 2022
- 03:48 PM
- 0
Android December 2022 security updates fix 81 vulnerabilities

Google has released the December 2022 security update for Android, fixing four critical-severity vulnerabilities, including a remote code execution flaw exploitable via Bluetooth.
- Bill Toulas
- December 06, 2022
- 11:36 AM
- 0
Cisco warns admins to patch AnyConnect flaws exploited in attacks

Cisco warned customers today that two security vulnerabilities in the Cisco AnyConnect Secure Mobility Client for Windows are being exploited in the wild.
- Sergiu Gatlan
- October 25, 2022
- 04:55 PM
- 0
Unpatched 15-year old Python bug allows code execution in 350k projects

A vulnerability in the Python programming language that has been overlooked for 15 years is now back in the spotlight as it likely affects more than 350,000 open-source repositories and can lead to code execution.
- Ionut Ilascu
- September 21, 2022
- 12:45 PM
- 0
Cisco fixes bug that lets attackers execute commands as root

Cisco has addressed severe vulnerabilities in the Cisco Nexus Dashboard data center management solution that can let remote attackers execute commands and perform actions with root or Administrator privileges.
- Sergiu Gatlan
- July 20, 2022
- 01:49 PM
- 0
New PACMAN hardware attack targets Macs with Apple M1 CPUs

A new hardware attack targeting Pointer Authentication in Apple M1 CPUs with speculative execution enables attackers to gain arbitrary code execution on Mac systems.
- Sergiu Gatlan
- June 10, 2022
- 03:15 PM
- 0