RCE

52M-Download protobuf.js Library Hit by RCE in Schema Handling

2 minute read

Security

52M-Download protobuf.js Library Hit by RCE in Schema Handling

Critical RCE flaw in protobuf.js lets attackers execute code via malicious schemas. Learn who is at risk, affected versions, and how to fix it.

byDeeba Ahmed

April 20, 2026

ShowDoc Vulnerability Patched in 2020 Now Used in Active Server Takeovers

3 minute read

Security

ShowDoc Vulnerability Patched in 2020 Now Used in Active Server Takeovers

Hackers are exploiting a 5-year-old ShowDoc vulnerability (CVE-2025-0520) to deploy web shells, enabling RCE and full server takeover worldwide.

byDeeba Ahmed

April 18, 2026

ImageMagick Zero-Day Alert: Massive Security Flaw Leaves Millions of Servers and WordPress Sites Vulnerable

2 minute read

Security

ImageMagick Zero-Day Enables RCE on Linux and WordPress Servers

New research from Octagon Networks reveals a critical zero-day ImageMagick vulnerability that allows Remote Code Execution (RCE) via simple image uploads affecting Ubuntu, Amazon Linux, and WordPress. This magic byte shift bypasses even the most secure policies.

byDeeba Ahmed

April 1, 2026

4 minute read

Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide

Torrance, United States / California, December 12th, 2025, CyberNewsWire In December 2025, CVE-2025-55182 (React2Shell), a vulnerability in React…

byCyberNewswire

December 15, 2025

3 minute read

Critical ‘React2Shell’ Vulnerability (CVE-2025-55182) is Being Actively Exploited

React2Shell, a critical, max-severity flaw (CVE-2025-55182) allows unauthenticated RCE in React and Next.js. Security researchers confirm active exploitation. Update immediately!

byDeeba Ahmed

December 6, 2025

Critical Monsta FTP Flaw Left 5,000+ Web Servers Open to Full Server Takeover

2 minute read

Security

Monsta FTP Vulnerability Exposed Thousands of Servers to Full Takeover

Monsta FTP users must update now! A critical pre-authentication flaw (CVE-2025-34299) allows hackers to fully take over web servers. Patch to version 2.11.3 immediately.

byDeeba Ahmed

November 10, 2025

Medusa Ransomware Exploiting GoAnywhere MFT Flaw, Confirms Microsoft

2 minute read

Security

Medusa Ransomware Exploiting GoAnywhere MFT Flaw, Confirms Microsoft

Latest reports suggest the critical GoAnywhere MFT vulnerability (CVE-2025-10035, CVSS 10.0) is actively exploited by the Medusa ransomware gang for unauthenticated RCE. Patch immediately.

byDeeba Ahmed

October 7, 2025

15,000 Jenkins Servers at Risk from RCE Vulnerability (CVE-2025-53652)

2 minute read

Security

15,000 Jenkins Servers at Risk from RCE Vulnerability (CVE-2025-53652)

A new report by VulnCheck exposes a critical command injection flaw (CVE-2025-53652) in the Jenkins Git Parameter plugin.…

byDeeba Ahmed

August 8, 2025

SonicWall Urges Patch After 3 Major VPN Vulnerabilities Disclosed

2 minute read

Security

SonicWall Urges Patch After 3 Major VPN Vulnerabilities Disclosed

watchTowr's latest research details critical SonicWall SMA100 flaws (CVE-2025-40596, 40597, 40598). Discover how pre-auth stack/heap overflows and XSS put SSL-VPNs at risk. Patch now!

byDeeba Ahmed

July 30, 2025

3 minute read

Billions of Apple Devices at Risk from “AirBorne” AirPlay Vulnerabilities

Oligo Security uncovers “AirBorne,” a set of 23 vulnerabilities in Apple AirPlay affecting billions of devices. Learn how…

byDeeba Ahmed

May 3, 2025

The Latest

BreachLock Named Representative Vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation

The Ungoverned Workforce: Cybersecurity Insiders Finds 92% Lack Visibility Into AI Identities

Threat Intel Scraping Without Burning Your Cover or Your Stack

Grinex crypto exchange shuts down, blames Western agencies for $13.7M breach

RCE

ShowDoc Vulnerability Patched in 2020 Now Used in Active Server Takeovers

ImageMagick Zero-Day Enables RCE on Linux and WordPress Servers

Critical React2Shell Vulnerability (CVE-2025-55182) Analysis: Surge in Attacks Targeting RSC-Enabled Services Worldwide

Critical ‘React2Shell’ Vulnerability (CVE-2025-55182) is Being Actively Exploited

Monsta FTP Vulnerability Exposed Thousands of Servers to Full Takeover

Medusa Ransomware Exploiting GoAnywhere MFT Flaw, Confirms Microsoft

15,000 Jenkins Servers at Risk from RCE Vulnerability (CVE-2025-53652)

SonicWall Urges Patch After 3 Major VPN Vulnerabilities Disclosed

Billions of Apple Devices at Risk from “AirBorne” AirPlay Vulnerabilities

BreachLock Named Representative Vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation

The Ungoverned Workforce: Cybersecurity Insiders Finds 92% Lack Visibility Into AI Identities

Security Risk Advisors Purple Team Participants Can Now Earn CPE Credits

Mallory Launches AI-Native Threat Intelligence Platform, Turning Global Threat Data Into Prioritized Action

AI Future: The Leading International AI and Web3 Forum to Take Place in April