SecurityWeek

RondoDox Botnet Exploiting React2Shell Vulnerability

December 2025, the RondoDox botnet operators have been targeting Next.js servers impacted by the React2Shell vulnerability.
CSOonline

Gladinet servers file-sharing servers allow remote code execution

Enterprises relying on Gladinet’s file-sharing services are faced with another round of zero-day patching, this time to block attackers from abusing cryptographic keys directly baked into its ...
InfoWorld

Flaw in React Native CLI opens dev servers to attacks

The bug exposes the Metro development server to remote attacks, allowing arbitrary OS command execution on developer systems before a fix in version 20.0.0. A critical remote-code execution (RCE) flaw ...
Infosecurity-magazine.com

New GDI Flaws Could Enable Remote Code Execution in Windows

A set of previously unknown flaws in Windows Graphics Device Interface (GDI) that could enable remote code execution and information disclosure has been revealed after Microsoft released fixes. These ...
Fox News

Man executed in Florida for 1990 killings as state leads nation in executions this year

A man sentenced to death for a 1990 double murder was executed in Florida on Tuesday, marking the state’s 13th execution this year and surpassing its previous annual record. Victor Tony Jones, 64, was ...
Ars Technica

As many as 2 million Cisco devices affected by actively exploited 0-day

As many as 2 million Cisco devices are susceptible to an actively exploited zero-day that can remotely crash or execute code on vulnerable systems. Cisco said Wednesday that the vulnerability, tracked ...
Network World

Cisco admins urged to patch IOS, IOS XE devices

Network admins should quickly patch a vulnerability in Cisco Systems IOS and IOS XE software to remove a stack overflow condition in the software’s Simple Network Management Protocol (SNMP) subsystem ...
GitHub

YifangCMS V2.0.0 Background Remote Code Execution (RCE)

follow in c_file->webUploader.It uses the $uploadpath parameter to generate the storage directory for our uploaded files, which can be controlled.Then it passes the ...
Cyber Defense Magazine

Fake (Hallucinated) Remote Code Execution (RCEs) in LLM Applications

As agents become integrated with more advanced functionality, such as code generation, you will see more Remote Code Execution (RCE)/Command Injection vulnerabilities in LLM applications. However, ...
The Hacker News

Researchers Warn of Sitecore Exploit Chain Linking Cache Poisoning and Remote Code Execution

Three new security vulnerabilities have been disclosed in the Sitecore Experience Platform that could be exploited to achieve information disclosure and remote code execution. Patches for the first ...
Computer Weekly

Commvault users told to patch two RCE exploit chains

Data backup and replication specialist Commvault has issued patches covering off four vulnerabilities in its core software product that, left unaddressed, could be combined to achieve two distinct ...