Security News

Cisco Webex bug lets hackers gain code execution via meeting links
2025-04-18 12:09

Cisco has released security updates for a high-severity Webex vulnerability that allows unauthenticated attackers to gain client-side remote code execution using malicious meeting invite links. [...]

Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution
2025-04-17 10:32

A critical security vulnerability has been disclosed in the Erlang/Open Telecom Platform (OTP) SSH implementation that could permit an attacker to execute arbitrary code sans any authentication...

ActiveX blocked by default in Microsoft 365 because remote code execution is bad, OK?
2025-04-15 12:25

Stopping users shooting themselves in the foot with last century's tech Microsoft has twisted the knife into ActiveX once again, setting Microsoft 365 to disable all controls without so much as a prompt.…

WordPress security plugin WP Ghost vulnerable to remote code execution bug
2025-03-20 14:58

Popular WordPress security plugin WP Ghost is vulnerable to a critical severity flaw that could allow unauthenticated attackers to remotely execute code and hijack servers. [...]

Elastic Releases Urgent Fix for Critical Kibana Vulnerability Enabling Remote Code Execution
2025-03-06 12:33

Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could result in arbitrary code...

Critical flaws in Mongoose library expose MongoDB to data thieves, code execution
2025-02-20 14:45

Bugs fixed, updating to the latest version is advisable Security sleuths found two critical vulnerabilities in a third-party library that MongoDB relies on, which means bad guys can potentially...

New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution
2025-02-14 18:42

Cybersecurity researchers have disclosed a new type of name confusion attack called whoAMI that allows anyone who publishes an Amazon Machine Image (AMI) with a specific name to gain code...

whoAMI attacks give hackers code execution on Amazon EC2 instances
2025-02-13 23:35

Security researchers discovered a name confusion attack that allows access to an Amazon Web Services account to anyone that publishes an Amazon Machine Image (AMI) with a specific name. [...]

New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack
2025-02-05 12:16

Veeam has released patches to address a critical security flaw impacting its Backup software that could allow an attacker to execute arbitrary code on susceptible systems. The vulnerability,...

Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution
2025-01-29 10:21

A critical security flaw has been disclosed in the Cacti open-source network monitoring and fault management framework that could allow an authenticated attacker to achieve remote code execution...