#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
State of SaaS

remote code execution | Breaking Cybersecurity News | The Hacker News

Category — remote code execution
Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation

Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation

Jan 17, 2025 Firmware Security / Vulnerability
Cybersecurity researchers have disclosed three security flaws in Planet Technology's WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. "These switches are widely used in building and home automation systems for a variety of networking applications," Claroty's Tomer Goldschmidt said in a Thursday report. "An attacker who is able to remotely control one of these devices can use them to further exploit devices in an internal network and do lateral movement." The operational technology security firm, which carried out an extensive analysis of the firmware used in these switches using the QEMU framework, said the vulnerabilities are rooted in the dispatcher.cgi interface used to provide a web service. The list of flaws is below - CVE-2024-52558 (CVSS score: 5.3) - An integer underflow flaw that can allow an unauthenticated attacker to send a malformed HTTP request, resulting in...
3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update

3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update

Jan 15, 2025 Patch Tuesday / Zero-Day
Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks. Of the 161 flaws, 11 are rated Critical and 149 are rated Important in severity. One other flaw, a non-Microsoft CVE related to a Windows Secure Boot bypass ( CVE-2024-7344 , CVSS score: 6.7), has not been assigned any severity. According to the Zero Day Initiative , the update marks the largest number of CVEs addressed in a single month since at least 2017. The fixes are in addition to seven vulnerabilities the Windows maker addressed in its Chromium-based Edge browser since the release of December 2024 Patch Tuesday updates. Prominent among the patches released by Microsoft is a trio of flaws in Windows Hyper-V NT Kernel Integration VSP ( CVE-2025-21333 , CVE-2025-21334 , and CVE-2025-21335 , CVSS scores: 7.8) that the company said has come under active exploitation in the wild. ...
Product Walkthrough: How Reco Discovers Shadow AI in SaaS

Future-Ready Trust: Learn How to Manage Certificates Like Never Before

WebinarTrust Management / SSL Certificate
Managing digital trust shouldn't feel impossible. Join us to discover how DigiCert ONE transforms certificate management—streamlining trust operations, ensuring compliance, and future-proofing your digital strategy.
Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners

Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners

Jan 13, 2025 Vulnerability / Cloud Security
A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners. Cloud security firm Wiz said it's currently responding to "multiple incidents" involving the weaponization of CVE-2024-50603 (CVSS score: 10.0), a maximum severity bug that could result in unauthenticated remote code execution. Put differently, a successful exploitation of the flaw could permit an attacker to inject malicious operating system commands owing to the fact that certain API endpoints do not adequately sanitize user-supplied input. The vulnerability has been addressed in versions 7.1.4191 and 7.2.4996. Jakub Korepta, a security researcher at Polish cybersecurity company Securing, has been credited with discovering and reporting the shortcoming. A proof-of-concept (PoC) exploit has since been made publicly available . Data gathered by the cybersecurity company...
cyber security

Secure Your Azure: Proactive Tips for Cloud Protection

websiteWizCloud Security
Discover how to boost your Azure cloud security with practical steps to help you maintain control and visibility.
Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection

Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection

Jan 09, 2025 Vulnerability / Threat Intelligence
Threat actors are attempting to take advantage of a recently disclosed security flaw impacting GFI KerioControl firewalls that, if successfully exploited, could allow malicious actors to achieve remote code execution (RCE). The vulnerability in question, CVE-2024-52875 , refers to a carriage return line feed ( CRLF ) injection attack, paving the way for HTTP response splitting , which could then lead to a cross-site scripting (XSS) flaw. Successful exploitation of the 1-click RCE flaw permits an attacker to inject malicious inputs into HTTP response headers by introducing carriage return (\r) and line feed (\n) characters.  The flaw impacts KerioControl versions 9.2.5 through 9.4.5, according to security researcher Egidio Romano, who discovered and reported the flaw in early November 2024. The HTTP response splitting flaws have been uncovered in the following URI paths - /nonauth/addCertException.cs /nonauth/guestConfirm.cs /nonauth/expiration.cs "User input passed ...
LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers

LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers

Jan 03, 2025 Windows Server / Threat Mitigation
A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition. The out-of-bounds reads vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed by Microsoft as part of Patch Tuesday updates for December 2024, alongside CVE-2024-49112 (CVSS score: 9.8), a critical integer overflow flaw in the same component that could result in remote code execution. Credited with discovering and reporting both vulnerabilities is independent security researcher Yuki Chen ( @guhe120 ). The CVE-2024-49113 PoC devised by SafeBreach Labs, codenamed LDAPNightmare , is designed to crash any unpatched Windows Server "with no pre-requisites except that the DNS server of the victim DC has Internet connectivity."  Specifically, it entails sending a DCE/RPC request to the victim server, ultimately causing the Local Security Authority Su...
15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials

15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials

Dec 28, 2024 Vulnerability / Threat Intelligence
A high-severity flaw impacting select Four-Faith industrial routers has come under active exploitation in the wild, according to new findings from VulnCheck. The vulnerability, tracked as CVE-2024-12856 (CVSS score: 7.2), has been described as an operating system (OS) command injection bug affecting router models F3x24 and F3x36. The severity of the shortcoming is lower due to the fact that it only works if the remote attacker is able to successfully authenticate themselves. However, if the default credentials associated with the routers have not been changed, it could result in unauthenticated OS command execution. In the attack detailed by VulnCheck, the unknown threat actors have been found to leverage the router's default credentials to trigger exploitation of CVE-2024-12856 and launch a reverse shell for persistent remote access. The exploitation attempt originated from the IP address 178.215.238[.]91 , which has been previously used in connection with attacks seeking to...
Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe Serialization

Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe Serialization

Dec 27, 2024 Vulnerability / Software Security
The Apache Software Foundation (ASF) has released patches to address a maximum severity vulnerability in the MINA Java network application framework that could result in remote code execution under specific conditions. Tracked as CVE-2024-52046 , the vulnerability carries a CVSS score of 10.0. It affects versions 2.0.X, 2.1.X, and 2.2.X. "The ObjectSerializationDecoder in Apache MINA uses Java's native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses," the project maintainers said in an advisory released on December 25, 2024. "This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious serialized data, potentially leading to remote code execution (RCE) attacks." However, it bears noting that the vulnerability is exploitable only if the "IoBuffer#getObject()" method is invoked in combination with certain classes such as ProtocolC...
Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now

Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now

Dec 25, 2024 Server Security / Vulnerability
The Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully exploited, could allow an attacker to execute arbitrary Structured Query Language (SQL) commands in the database. The SQL injection vulnerability, tracked as CVE-2024-45387 , is rated 9.9 out of 10.0 on the CVSS scoring system. "An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role 'admin,' 'federation,' 'operations,' 'portal,' or 'steering' to execute arbitrary SQL against the database by sending a specially-crafted PUT request," project maintainers said in an advisory. Apache Traffic Control is an open-source implementation of a Content Delivery Network (CDN). It was announced as a top-level project (TLP) by the AS in June 2018. Tencent YunDing Security Lab researcher Yuan Luo has been credited with discoveri...
Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks

Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks

Dec 24, 2024 Vulnerability / Zero Day
The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution (RCE) under certain conditions. The vulnerability, tracked as CVE-2024-56337 , has been described as an incomplete mitigation for CVE-2024-50379 (CVSS score: 9.8), another critical security flaw in the same product that was previously addressed on December 17, 2024. "Users running Tomcat on a case insensitive file system with the default servlet write enabled (readonly initialisation parameter set to the non-default value of false) may need additional configuration to fully mitigate CVE-2024-50379 depending on which version of Java they are using with Tomcat," the project maintainers said in an advisory last week. Both the flaws are Time-of-check Time-of-use ( TOCTOU ) race condition vulnerabilities that could result in code execution on case-insensitive file systems when the default servlet is...
Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation

Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation

Dec 20, 2024 Firewall Security / Vulnerability
Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions. Of the three, two are rated Critical in severity. There is currently no evidence that the shortcomings have been exploited in the wild. The list of vulnerabilities is as follows - CVE-2024-12727 (CVSS score: 9.8) - A pre-auth SQL injection vulnerability in the email protection feature that could lead to remote code execution, if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability ( HA ) mode. CVE-2024-12728 (CVSS score: 9.8) - A weak credentials vulnerability arising from a suggested and non-random SSH login passphrase for High Availability (HA) cluster initialization that remains active even after the HA establishment process completed, thereby exposing an account with privileged access if SSH is ena...
Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected

Patch Alert: Critical Apache Struts Flaw Found, Exploitation Attempts Detected

Dec 18, 2024 Cyber Attack / Vulnerability
Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677 , carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 ( CVE-2023-50164 , CVSS score: 9.8), which also came under active exploitation shortly after public disclosure. "An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution," according to the Apache advisory . In other words, successful exploitation of the flaw could allow a malicious actor to upload arbitrary payloads to susceptible instances, which could then be leveraged to run commands, exfiltrate data, or download additional payloads for follow-on exploitation. T...
WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins

WordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable Plugins

Dec 12, 2024 Website Security / Vulnerability
Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks. The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prior to 1.9.0. The plugin has over 10,000 active installations. "This flaw poses a significant security risk, as it enables attackers to install vulnerable or closed plugins, which can then be exploited for attacks such as Remote Code Execution (RCE), SQL Injection, Cross‑Site Scripting (XSS), or even the creation of administrative backdoors," WPScan said in a report. To make matters worse, attackers could leverage outdated or abandoned plugins to circumvent security measures, tamper with database records, execute malicious scripts, and seize control of the sites. WPScan said it uncovered the security defect when analyzing an infection on an unspecified WordPress site, finding that threat actors ...
Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities

Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities

Dec 11, 2024 Vulnerability / Network Security
Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products that could lead to privilege escalation and code execution. The list of vulnerabilities is as follows - CVE-2024-11639 (CVSS score: 10.0) - An authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 that allows a remote unauthenticated attacker to gain administrative access CVE-2024-11772 (CVSS score: 9.1) - A command injection vulnerability in the admin web console of Ivanti CSA before version 5.0.3 that allows a remote authenticated attacker with admin privileges to achieve remote code execution CVE-2024-11773 (CVSS score: 9.1) - An SQL injection vulnerability in the admin web console of Ivanti CSA before version 5.0.3 that allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements CVE-2024-11633 (CVSS score: 9.1) - An argument injection vulnerability in Ivanti Con...
Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged

Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged

Dec 10, 2024 Vulnerability / Threat Analysis
Users of Cleo-managed file transfer software are being urged to ensure that their instances are not exposed to the internet following reports of mass exploitation of a vulnerability affecting fully patched systems. Cybersecurity company Huntress said it discovered evidence of threat actors exploiting the issue en masse on December 3, 2024. The vulnerability, which impacts Cleo's LexiCom, VLTransfer, and Harmony software, concerns a case of unauthenticated remote code execution. The security hole is tracked as CVE-2024-50623 (CVSS score: 9.8), with Cleo noting that the flaw is the result of an unrestricted file upload that could pave the way for the execution of arbitrary code. The Illinois-based company, which has over 4,200 customers across the world, has since issued another advisory (CVE-2024-55956), warning of a separate "unauthenticated malicious hosts vulnerability that could lead to remote code execution." The development comes after Huntress said the pat...
Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console

Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console

Dec 04, 2024 Vulnerability / Ransomware
Veeam has released security updates to address a critical flaw impacting Service Provider Console (VSPC) that could pave the way for remote code execution on susceptible instances. The vulnerability, tracked as CVE-2024-42448, carries a CVSS score of 9.9 out of a maximum of 10.0. The company noted that the bug was identified during internal testing. "From the VSPC management agent machine, under the condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine," Veeam said in an advisory. Another defect patched by Veeam relates to a vulnerability (CVE-2024-42449, CVSS score: 7.1) that could be abused to leak an NTLM hash of the VSPC server service account and delete files on the VSPC server machine. Both the identified vulnerabilities affect Veeam Service Provider Console 8.1.0.21377 and all earlier versions of 7 and 8 builds. They have been addressed in version 8.1.0.21999. Veeam furt...
NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise

NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise

Dec 03, 2024 Endpoint Security / Vulnerability
Cybersecurity researchers have disclosed a set of flaws impacting Palo Alto Networks and SonicWall virtual private network (VPN) clients that could be potentially exploited to gain remote code execution on Windows and macOS systems. "By targeting the implicit trust VPN clients place in servers, attackers can manipulate client behaviours, execute arbitrary commands, and gain high levels of access with minimal effort," AmberWolf said in an analysis. In a hypothetical attack scenario, this plays out in the form of a rogue VPN server that can trick the clients into downloading malicious updates that can cause unintended consequences. The result of the investigation is a proof-of-concept (PoC) attack tool called NachoVPN that can simulate such VPN servers and exploit the vulnerabilities to achieve privileged code execution. The identified flaws are listed below - CVE-2024-5921 (CVSS score: 5.6) - An insufficient certificate validation vulnerability impacting Palo Alto N...
Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP

Over Two Dozen Flaws Identified in Advantech Industrial Wi-Fi Access Points – Patch ASAP

Nov 28, 2024 IoT Security / Vulnerability
Nearly two dozen security vulnerabilities have been disclosed in Advantech EKI industrial-grade wireless access point devices, some of which could be weaponized to bypass authentication and execute code with elevated privileges. "These vulnerabilities pose significant risks, allowing unauthenticated remote code execution with root privileges, thereby fully compromising the confidentiality, integrity, and availability of the affected devices," cybersecurity company Nozomi Networks said in a Wednesday analysis. Following responsible disclosure, the weaknesses have been addressed in the following firmware versions - 1.6.5 (for EKI-6333AC-2G and EKI-6333AC-2GD) 1.2.2 (for EKI-6333AC-1GPO) Six of the identified 20 vulnerabilities have been deemed critical, allowing an attacker to obtain persistent access to internal resources by implanting a backdoor, trigger a denial-of-service (DoS) condition, and even repurpose infected endpoints as Linux workstations to enable latera...
Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks

Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks

Nov 26, 2024 Vulnerability / Website Security
Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin for WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781 , carry a CVSS score of 9.8 out of a maximum of 10.0. They were addressed in versions 6.44 and 6.45 released this month. Installed on over 200,000 WordPress sites, CleanTalk's Spam protection,f Anti-Spam, FireWall plugin is advertised as a "universal anti-spam plugin" that blocks spam comments, registrations, surveys, and more. According to Wordfence, both vulnerabilities concern an authorization bypass issue that could allow a malicious actor to install and activate arbitrary plugins. This could then pave the way for remote code execution if the activated plugin is vulnerable of its own. The plugin is "vulnerable to unauthorized Arbitrary Plugin ...
Expert Insights / Articles Videos
Cybersecurity Resources