Security News

Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120)
2025-03-20 12:06

Veeam has released fixes for a critical remote code execution vulnerability (CVE-2025-23120) affecting its enterprise Veeam Backup & Replication solution, and is urging customers to quickly...

Critical RCE flaw in Apache Tomcat actively exploited in attacks
2025-03-17 13:29

A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request. [...]

Critical PHP RCE vulnerability mass exploited in new attacks
2025-03-11 14:26

Threat intelligence company GreyNoise warns that a critical PHP remote code execution vulnerability that impacts Windows systems is now under mass exploitation. [...]

PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors
2025-03-07 04:42

Threat actors of unknown provenance have been attributed to a malicious campaign predominantly targeting organizations in Japan since January 2025. "The attacker has exploited the vulnerability...

MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364)
2025-02-28 14:44

Users of the MITRE Caldera cyber security platform have been urged to plug a critical hole (CVE-2025–27364) that may allow unauthenticated attackers to achieve remote code execution. About MITRE...

Over 12,000 KerioControl firewalls exposed to exploited RCE flaw
2025-02-10 23:58

Over twelve thousand GFI KerioControl firewall instances are exposed to a critical remote code execution vulnerability tracked as CVE-2024-52875. [...]

Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers
2025-02-07 18:42

Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial...

Critical RCE bug in Microsoft Outlook now exploited in attacks
2025-02-06 18:17

CISA warned U.S. federal agencies on Thursday to secure their systems against ongoing attacks targeting a critical Microsoft Outlook remote code execution (RCE) vulnerability. [...]

Lightning AI Studio Vulnerability Could've Allowed RCE via Hidden URL Parameter
2025-01-30 12:33

Cybersecurity researchers have disclosed a critical security flaw in the Lightning AI Studio development platform that, if successfully exploited, could have allowed for remote code execution. The...

Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits
2025-01-30 07:21

Three security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances. "When an...