InfoQ

Redis Critical Remote Code Execution Vulnerability Discovered After 13 Years

This critical (CVSS 10.0) use-after-free (UAF) vulnerability in Lua scripting could allow authenticated attackers to execute ...
The Hacker News

Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature

"To achieve code execution, the attacker logged in using the newly created Admin account. The attacker uploaded malicious ...

JFrog discloses CVSS 9.8 React vulnerability putting millions of developers at risk

Security researchers at software supply chain company JFrog Ltd. today revealed details of a critical vulnerability in React, ...
InfoWorld

RCE in React Native CLI opens Dev Servers to attacks

The bug exposes the Metro development server to remote attacks, allowing arbitrary OS command execution on developer systems ...
CSOonline

Some Brother printers have a remote code execution vulnerability, and they can’t fix it

An authentication bypass vulnerability in the printers, hardcoded at the factory, can be chained with another flaw for remote code execution on affected devices. Brother Industries is grappling with a ...
ZDNet

Critical Zoom vulnerability triggers remote code execution without user input

Pwn2Own, organized by the Zero Day Initiative, is a contest for white-hat cybersecurity professionals and teams to compete in the discovery of bugs in popular software and services. The latest ...
ZDNet

Remote code execution flaw patched in Linux Kernel TIPC module

The Transparent Inter Process Communication (TIPC) module has been designed to facilitate intra-cluster communication across Ethernet or UDP connections and is capable of service addressing, tracking, ...
Bleeping Computer

Critical Sophos Firewall vulnerability allows remote code execution

Sophos has fixed a critical vulnerability in its Sophos Firewall product that allows remote code execution (RCE). Tracked as CVE-2022-1040, the authentication bypass vulnerability exists in the User ...
Threat Post

Google Chrome V8 Bug Allows Remote Code-Execution

The internet behemoth rolled out the Chrome 90 stable channel release to address this and eight other security vulnerabilities. Google’s Chrome browser has several security vulnerabilities that could ...
CSOonline

Recently patched Juniper firewall flaws allow remote code execution

Researchers have chained two medium severity vulnerabilities to execute "world ending" remote code execution, and a real-world exploit has been found. Hackers have begun exploiting recently patched ...
Bleeping Computer

Apache fixes critical OFBiz remote code execution vulnerability

Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers.
TechSpot

Microsoft Office zero-day vulnerability that allows remote code execution is being actively exploited

Why it matters: Microsoft has received reports of a remote code execution (RCE) vulnerability (CVE-2021-40444) hackers are actively exploiting. The attack uses maliciously crafted Microsoft Office ...