Topic: remote exploitation
-
D-Link DIR-878 routers have critical RCE flaws
D-Link has issued a critical alert for its unsupported DIR-878 router, revealing three severe vulnerabilities that allow unauthenticated remote command execution, with exploit code already public. The router, discontinued in 2021 but still sold, will not receive patches, and D-Link advises users ...
Read More » -
CISA: Hackers Actively Exploiting WatchGuard Firewall Flaw
A critical security flaw (CVE-2025-9242) in WatchGuard Firebox firewalls is being actively exploited, prompting CISA to issue an urgent patch directive to federal agencies. The vulnerability stems from an out-of-bounds write weakness in Fireware OS, affecting over 54,000 devices globally, with fe...
Read More » -
Urgent: Patch Critical Cisco UCCX Vulnerabilities Now
Cisco has patched two critical vulnerabilities (CVE-2025-20358 and CVE-2025-20354) in its Unified Contact Center Express platform, which could allow attackers to bypass authentication and gain root-level control. CVE-2025-20358 enables unauthenticated attackers to manipulate the login process and...
Read More » -
Urgent CISA Alert: Active Attacks Exploit Critical CentOS Bug
A critical security flaw (CVE-2025-48703) in CentOS Web Panel allows unauthenticated attackers to execute arbitrary commands, prompting CISA to issue an urgent patch-or-discontinue directive by November 25. The vulnerability stems from improper handling of the 'changePerm' endpoint and unsanitize...
Read More » -
Moxa Devices Expose Hard-Coded Credentials (CVE-2025-6950)
Moxa has urgently patched five critical vulnerabilities in its industrial network devices, including a severe flaw (CVE-2025-6950) that allows remote attackers to take full control without authentication. The vulnerabilities include authentication bypasses and privilege escalations, enabling unau...
Read More » -
Oracle Issues Urgent Patch for Critical E-Business Suite Flaw
Oracle has released an urgent security patch for a critical vulnerability (CVE-2025-61884) in its E-Business Suite, which can be exploited remotely without authentication to access confidential information. The vulnerability, with a CVSS score of 7.5, affects EBS versions 12.2.3 to 12.2.14, and O...
Read More » -
Microsoft GoAnywhere Flaw Fuels Ransomware Attacks
A critical vulnerability (CVE-2025-10035) in Fortra's GoAnywhere MFT platform is being exploited by ransomware attackers, allowing remote access without user interaction. The cybercrime group Storm-1175, linked to Medusa ransomware, is actively using this flaw to gain initial access, deploy remot...
Read More » -
60,000 Redis Servers Exposed by Critical Security Flaw
A critical vulnerability (CVE-2025-49844) in Redis, rated 10.0 in severity, allows attackers to gain full control over servers by exploiting a flaw in the Lua scripting engine that has existed for 13 years. Approximately 60,000 publicly accessible Redis servers with no authentication are at direc...
Read More » -
Urgent: Hackers Exploit Unpatched Oracle EBS Vulnerabilities
Oracle has confirmed active exploitation of unpatched vulnerabilities in its E-Business Suite, with hackers sending extortion emails claiming to have stolen sensitive corporate data. The vulnerabilities were resolved in the July 2025 Critical Patch Update, which addressed nine EBS flaws, includin...
Read More » -
Oracle Ties Clop Ransomware to Critical July 2025 Flaws
Oracle has linked extortion emails from the Clop ransomware group to critical vulnerabilities in its E-Business Suite, which were patched in July 2025, urging customers to apply updates immediately. The attackers claim to have stolen sensitive data from Oracle systems and are threatening to relea...
Read More » -
Oracle Warns Known Flaws Fueling Recent Ransomware Attacks
Oracle is warning that known vulnerabilities in its E-Business Suite are being exploited in ransomware attacks, with customers receiving extortion emails linked to patched security flaws. The Cl0p ransomware group, possibly connected to FIN11, is suspected of sending these emails from compromised...
Read More » -
Urgent WD My Cloud Flaw Enables Remote Hacks
Western Digital released an urgent firmware update (version 5.31.108) to fix a critical security flaw (CVE-2025-30247) in multiple My Cloud NAS devices, which allows remote command execution via crafted HTTP requests. The update applies to several models, but end-of-support devices like the My Cl...
Read More » -
Cisco Warns: Patch This Critical RCE & DoS Bug Now
A critical vulnerability (CVE-2025-20352) in Cisco's IOS and IOS XE Software allows remote attackers to execute arbitrary code or cause a denial-of-service if they have compromised credentials. The flaw exists in the SNMP subsystem and can be triggered by sending a crafted packet, with exploitati...
Read More » -
Unpatched Fortra GoAnywhere Flaw Risks Full System Takeover
A critical vulnerability (CVE-2025-10035) in Fortra's GoAnywhere MFT platform allows full system takeover via a deserialization flaw in the License servlet, requiring immediate patching. Exploitation necessitates access to the admin console, echoing a 2023 incident where exposed consoles led to w...
Read More » -
Fortra Issues Critical Alert for GoAnywhere MFT Vulnerability
Fortra has issued an urgent alert for a critical vulnerability (CVE-2025-10035) in GoAnywhere MFT software, allowing remote command injection due to unsafe data deserialization. The vulnerability can be exploited without user interaction, particularly affecting internet-exposed Admin Consoles, an...
Read More » -
Plex Data Breach: Users Urged to Change Passwords, Upgrade Servers
Plex has confirmed a security breach involving unauthorized access to customer emails, usernames, and securely hashed passwords, but no payment information was compromised. The company advises all users to reset their passwords, enable two-factor authentication, and log out from all devices to en...
Read More »