Browsing Tag
RCE
30 posts
Agentjacking: Researchers Show How One Fake Bug Report Can Hijack AI Coding Agents
Tenet researchers reveal how fake Sentry bug reports can trick AI coding agents into running code, exposing a new Agentjacking risk for developers today.
Google Fixes CVSS 10 Gemini CLI Vulnerability Enabling GitHub Issue-Based RCE
Google patches a CVSS 10 Gemini CLI vulnerability that allowed hackers to use prompt injection and privilege escalation for a full supply chain compromise.
Hackers Use Jenkins Access to Deploy DDoS Botnet Against Gaming Servers
A new campaign shows misconfigured Jenkins servers abused to deploy a DDoS botnet targeting gaming systems, with Valve Corporation infrastructure in focus.
52M-Download protobuf.js Library Hit by RCE in Schema Handling
Critical RCE flaw in protobuf.js lets attackers execute code via malicious schemas. Learn who is at risk, affected versions, and how to fix it.
ShowDoc Vulnerability Patched in 2020 Now Used in Active Server Takeovers
Hackers are exploiting a 5-year-old ShowDoc vulnerability (CVE-2025-0520) to deploy web shells, enabling RCE and full server takeover worldwide.
ImageMagick Zero-Day Enables RCE on Linux and WordPress Servers
New research from Octagon Networks reveals a critical zero-day ImageMagick vulnerability that allows Remote Code Execution (RCE) via simple image uploads affecting Ubuntu, Amazon Linux, and WordPress. This magic byte shift bypasses even the most secure policies.
Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide
Torrance, United States / California, December 12th, 2025, CyberNewsWire In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React…
Critical ‘React2Shell’ Vulnerability (CVE-2025-55182) is Being Actively Exploited
React2Shell, a critical, max-severity flaw (CVE-2025-55182) allows unauthenticated RCE in React and Next.js. Security researchers confirm active exploitation. Update immediately!
Monsta FTP Vulnerability Exposed Thousands of Servers to Full Takeover
Monsta FTP users must update now! A critical pre-authentication flaw (CVE-2025-34299) allows hackers to fully take over web servers. Patch to version 2.11.3 immediately.
Medusa Ransomware Exploiting GoAnywhere MFT Flaw, Confirms Microsoft
Latest reports suggest the critical GoAnywhere MFT vulnerability (CVE-2025-10035, CVSS 10.0) is actively exploited by the Medusa ransomware gang for unauthenticated RCE. Patch immediately.