Tag: remote code execution
261 articles

WordPress Discloses Core Flaw Enabling Unauthenticated Code Execution
WordPress has patched a critical flaw that allowed hackers to execute code remotely without authentication, releasing versions 6.9.5 and 7.0.2 to fix the vulnerability. The update addresses a REST API batch-route confusion and SQL injection issue that could be triggered by a simple HTTP request.

CISA Flags Exploited SharePoint Zero-Day Vulnerability
Don't wait until it's too late: Federal agencies have until July 19, 2026, to patch a critical Microsoft SharePoint Server vulnerability, CVE-2026-58644, that's already being exploited by hackers to execute malicious code remotely. This high-severity flaw, with a CVSS score of 9.8, could allow attackers to take control of your SharePoint Server if left unpatched.

Unpatched Shark Vacuum Flaw Exposes Regional Control Risk
A security flaw in Shark vacuums could put regional control at risk, as demonstrated by researcher tokay0, who exploited the vulnerability to run root commands on hundreds of thousands of devices in a single AWS region. This alarming weakness was discovered through a clever hack that allowed tokay0 to harvest serial numbers and execute commands remotely.

CISA Warns of Actively Exploited SharePoint Vulnerabilities
The US Cybersecurity and Infrastructure Security Agency (CISA) has warned of three SharePoint vulnerabilities, including CVE-2026-32201, CVE-2026-45659, and CVE-2026-56164, that are being actively exploited by attackers. These flaws, affecting on-premises SharePoint Server installations, pose a significant threat, with one remote code execution flaw rated 8.8 in severity.

Microsoft Patch Deluge Exposes New Normal in Cybersecurity Updates
Microsoft just dropped a record 570 security updates on Patch Tuesday, revealing a new normal in cybersecurity: AI has drastically reduced the cost of finding vulnerabilities, leading to a surge in fixes that shows no signs of slowing down. This massive update batch included critical patches for elevation of privilege, remote code execution, and information disclosure flaws.

CISA Warns of Exploited Flaws in Joomla Extensions
Stay safe online: a critical vulnerability in the iCagenda extension for Joomla can allow attackers to upload malicious files and take control of your website, leading to data theft and total site compromise. CISA warns that this flaw, tracked as CVE-2026-48939, is being actively exploited, so take action now to protect your site.

AI Security Tools Expose Vulnerability to Cyber-Attacks
Researchers have uncovered a chilling vulnerability in AI-powered security tools, allowing hackers to remotely execute malicious code and wreak havoc on even the most secure systems. This shocking exploit, demonstrated through a proof-of-concept attack on popular AI coding agents, highlights a critical weakness that leaves defenses wide open.

AI Coding Assistants Expose Flaw in Approval Process
Researchers have uncovered a shocking flaw, dubbed GhostApproval, that affects six major AI coding assistants, allowing malicious code to bypass approval prompts and wreak havoc on a developer's machine. This vulnerability can be exploited through a clever use of symbolic links, posing a significant risk to developers who rely on these tools.

Adobe ColdFusion Flaw Exploited in Ongoing Attacks
A critical Adobe ColdFusion vulnerability, CVE-2026-48282, is under attack - and it's crucial to patch now to prevent remote code execution on your system. This maximum-severity flaw affects ColdFusion releases 2025.9, 2023.20, and earlier, and can be exploited without privileges.

CISA Flags SharePoint Flaw as Exploitable
Microsoft initially downplayed the risk of a SharePoint vulnerability, saying exploitation was less likely, but the Cybersecurity and Infrastructure Security Agency has since escalated the flaw to its list of known exploited vulnerabilities. This move signals a heightened sense of urgency for organizations to address the potentially critical issue.

CISA Warns of Active Exploits of Microsoft SharePoint Flaw
Microsoft warns that a critical flaw in SharePoint, tracked as CVE-2026-45659, is being actively exploited, allowing even low-privilege attackers to execute arbitrary code remotely with ease. This deserialization vulnerability lets authenticated attackers run code on vulnerable servers without needing admin privileges.

AI Agent Automates Ransomware Attack via Langflow Flaw
Security firm Sysdig has uncovered a groundbreaking - and unsettling - example of a ransomware attack that was carried out entirely by an AI agent, exploiting a flaw in the popular open-source tool Langflow. The attack was made possible by a remote code execution vulnerability, CVE-2025-3248, which allowed the AI agent to run arbitrary Python code without logging in.

CISA Warns of Active SharePoint RCE Exploitation
CISA warns that a high-severity vulnerability in Microsoft SharePoint Server, known as CVE-2026-45659, is being actively exploited, allowing authorized attackers to execute code remotely. This critical flaw, patched by Microsoft in May, requires immediate attention to prevent network breaches.

RustDuck Botnet Evolves with Rust Rewrite to Evade Detection
Meet RustDuck, a sneaky botnet that's been evolving to evade detection since February 2026, tracked by researchers at QiAnXin's XLab. It gains a foothold by exploiting weak passwords, unpatched vulnerabilities, and targeting specific web software.

Langflow Vulnerability Exploited to Deploy Monero Miner on AI App Endpoints
Hackers exploited a critical vulnerability in Langflow to sneak a Monero cryptocurrency miner onto AI app endpoints, using just one line of Python code to start the attack. Over 19 days in March and April, threat actors took advantage of the unauthenticated remote code execution flaw, rated CVSS 9.3, to spread the malware.

CISA Flags Exploited PTC Windchill Flaw Amid Web Shell Attacks
PTC has confirmed that attackers are exploiting a high-severity flaw, CVE-2026-12569, in its Windchill software to drop malicious web shells on vulnerable systems, allowing them to execute arbitrary code remotely. The company has reported heightened threat activity, urging users to take immediate action to protect themselves.

CISA Warns of Active Exploitation of Lantronix EDS5000 Flaw
A critical code-injection flaw, CVE-2025-67038, has been discovered in Lantronix EDS5000 Series devices, allowing attackers to inject arbitrary OS commands with root privileges due to a lack of input sanitization in the HTTP RPC module. This vulnerability has a CVSS score of 9.8, indicating a high severity level.

Legacy Infrastructure Exposes AI Agents to Hijacking Risks
Legacy infrastructure can put your AI agents at risk of hijacking, as seen with CVE-2025-24813, a remote code execution flaw that lets attackers turn a routine server compromise into a full takeover. An unpatched Internet-facing Apache Tomcat server is all it takes to expose your enterprise to this threat.

CISA Warns of Active Exploitation of Splunk Enterprise Flaw
A critical vulnerability in Splunk Enterprise, tracked as CVE-2026-20253, allows remote attackers to create or delete files on vulnerable systems without needing any login credentials. This security flaw affects specific versions of Splunk Enterprise, including 10.2.0 through 10.2.3 and 10.0.0 through 10.0.6.

F5 Fixes Flaws in NGINX Open Source Enabling Remote Code Execution
F5 has issued urgent security updates for NGINX products after discovering two critical flaws, CVE-2026-42530 and CVE-2026-42055, that could allow remote code execution. These vulnerabilities, rated 9.2 on the CVSS v4 scale, pose a significant threat and require immediate attention to prevent exploitation.

Microsoft Exposes Windows Clipper Malware Campaign Using USB Worm.
Microsoft's security team has uncovered a sneaky malware campaign that's been secretly stealing cryptocurrency from Windows users since February 2026, using a clever combination of a USB worm and a stealthy Tor-based command center. The malware, known as a Windows Clipper, uses Windows Script Host and ActiveX to launch a Tor proxy and communicate with its command center.

F5 Dispatched Patches for Critical NGINX Flaws
F5 has urgently released patches to fix two critical vulnerabilities in NGINX modules that can be exploited by remote attackers to cause denial-of-service or even execute remote code. Admins are advised to install the updates ASAP to protect NGINX Plus, Open Source, Gateway Fabric, and Instance Manager from potential attacks.

Google Cloud Vertex AI Vulnerability Exposes Cross-Tenant RCE Risk
A recent vulnerability in Google Cloud's Vertex AI Python SDK left the door open for cross-tenant attacks, allowing hackers in separate projects to hijack model uploads and potentially execute malicious code remotely. This flaw was fortunately patched in version 1.148.0, released on April 15, 2026.

Cisco Patches SD-WAN Flaw Exploited in Zero-Day Attacks
Cisco has patched a high-risk SD-WAN flaw, known as CVE-2026-20262, that was being exploited in zero-day attacks to gain root privileges. The vulnerability allowed attackers to create or overwrite files on affected systems, and Cisco has now released security updates to fix the issue.