top of page
ALL POSTS
ShinyHunters Exploits Oracle PeopleSoft Zero-Day to Breach 100+ Universities Worldwide
Key Findings ShinyHunters exploited CVE-2026-35273, a zero-day remote code execution vulnerability in Oracle PeopleSoft Enterprise PeopleTools rated 9.8/10, to breach over 100 organizations between May 27 and June 9 The vulnerability required only network access over HTTP with no authentication or user interaction, affecting any organization with Environment Management Hub endpoints exposed externally Approximately 68 percent of affected organizations were in higher education
Jun 113 min read
CISA Updates Active Exploit Catalog: Cisco, Arista, and Chromium Vulnerabilities Added
Key Findings CISA added three actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog, requiring immediate remediation across federal and enterprise networks Cisco Catalyst SD-WAN Manager flaw (CVE-2026-20245) allows authenticated attackers to execute commands as root through improper input encoding Google Chromium V8 memory vulnerability (CVE-2026-11645) enables remote code execution via malicious HTML pages with a critical 8.8 CVSS score Arista EOS
Jun 102 min read
Veeam Backup & Replication RCE Vulnerability Allows Domain Users to Execute Remote Code on Servers
Key Findings Critical remote code execution vulnerability (CVE-2026-44963, CVSS 9.4) in Veeam Backup & Replication allows authenticated domain users to execute arbitrary code on backup servers Affects all Veeam Backup & Replication version 12.x builds up to 12.3.2.4465 Patched in version 12.3.2.4854; version 13.x unaffected due to architectural changes Discovered by watchTowr researcher Sina Kheirkhah No known in-the-wild exploitation at this time, but attacks likely to follo
Jun 102 min read
Chrome V8 Zero-Day CVE-2026-11645 Being Exploited in the Wild - Apply Patch Immediately
Key Findings Google released security updates addressing 74 vulnerabilities, including CVE-2026-11645, a high-severity zero-day actively exploited in the wild CVE-2026-11645 is an out-of-bounds memory access flaw in V8 with a CVSS score of 8.8 that allows remote code execution via crafted HTML pages This is the fifth actively exploited Chrome zero-day in 2026, following CVE-2026-2441, CVE-2026-3909, CVE-2026-3910, and CVE-2026-5281 CISA added CVE-2026-42271, a command injecti
Jun 93 min read
Critical Flaw Found in Langflow AI's Architecture
Key Findings Critical vulnerability CVE-2026-7524 in Langflow OSS framework allows arbitrary file reading and remote code execution with CVSS score of 9.8 Flaw exploits symlink handling in archive extraction across Docling, Docling Serve, and Unstructured API modules Attackers can steal JWT secrets, forge authorization tokens, and execute arbitrary Python code through chatbot queries Affects versions 1.0.0 through 1.9.1; patch available in version 1.9.2 Separate critical vuln
May 283 min read
Microsoft SharePoint's New RCE Flaw: Patch Now If You Haven't Already
Key Findings Critical remote code execution vulnerability CVE-2026-45659 identified in Microsoft SharePoint with CVSS score of 8.8 Flaw exploitable by any authenticated user with Site Member permissions or higher, requiring only network access Root cause is unsafe deserialization of untrusted data allowing arbitrary code execution on servers Security patches released for SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016 Expl
May 272 min read
Critical RCE Vulnerabilities in Backup and CMS Infrastructure: Unauthenticated Exploits in Kopia and TYPO3
Key Findings Critical unauthenticated remote code execution flaw in Kopia backup server HTTP implementation tracked as CVE-2026-45695 with CVSS score of 9.8 Vulnerability stems from improper command argument parsing in SSH backend handling without input validation or quote handling Attack exploits SSH ProxyCommand injection via the /api/v1/repo/exists endpoint when server runs with --without-password flag Requires only single HTTP request with no user interaction to achieve f
May 242 min read
Supply Chain Attack: 700+ Laravel Lang Versions Infected with RCE Backdoor
Key Findings Over 700 historical versions of laravel-lang localization packages compromised with RCE backdoors across multiple repositories Attack occurred May 22-23, 2026 with automated mass tag publishing seconds apart, indicating infrastructure-level breach Malicious code executes automatically via composer autoload.files on every PHP request in affected applications Second-stage payload deploys 17 specialized credential collectors targeting cloud keys, Kubernetes tokens,
May 233 min read
Microsoft May 2026 Patch Tuesday: 137 Vulnerabilities Patched, 13 Critical
Key Findings Microsoft released 137 security updates in May 2026 Patch Tuesday with 13-16 critical vulnerabilities, marking the first month without active zero-day exploits in nearly two years AI-powered vulnerability discovery tools like Anthropic's Project Glasswing are significantly increasing patch volume across the industry, with some vendors fixing record numbers of flaws Three critical Microsoft vulnerabilities pose immediate enterprise risk: CVE-2026-41089 (Windows Ne
May 123 min read
PAN-OS RCE Exploit Actively Exploited for Root Access and Surveillance Operations
Key Findings CVE-2026-0300, a critical buffer overflow in PAN-OS User-ID Authentication Portal, is under active exploitation by suspected state-sponsored actors Unsuccessful exploitation attempts began April 9, 2026, with successful remote code execution achieved a week later Attackers achieved root-level access and injected shellcode into nginx worker processes Post-exploitation activities included Active Directory enumeration and deployment of EarthWorm and ReverseSocks5 to
May 83 min read
Ivanti EPMM CVE-2026-6973 RCE Actively Exploited to Grant Admin-Level Access
Key Findings Ivanti Endpoint Manager Mobile (EPMM) vulnerability CVE-2026-6973 is under active exploitation in limited attacks, requiring administrative authentication for RCE Five additional vulnerabilities patched in EPMM range from CVSS 7.0 to 8.9, with multiple allowing unauthenticated access and privilege escalation CISA added CVE-2026-6973 to Known Exploited Vulnerabilities catalog, mandating Federal agencies patch by May 10, 2026 Palo Alto Networks PAN-OS critical buff
May 73 min read
Apache HTTP/2 Critical Double-Free Vulnerability (CVE-2026-23918) Enables RCE and DoS Attacks
Key Findings Apache HTTP Server 2.4.66 contains CVE-2026-23918, a critical double-free vulnerability in HTTP/2 handling with a CVSS score of 8.8 The flaw enables both denial-of-service attacks and remote code execution under certain conditions Affected versions are patched in Apache 2.4.67 Exploitation requires minimal effort for DoS but RCE demands specific server configurations with APR mmap allocator MPM prefork mode is not affected, but HTTP/2's widespread deployment sign
May 62 min read
GitHub CVE-2026-3854: Critical RCE Vulnerability Triggered by Single Git Push
Key Findings Critical command injection vulnerability (CVE-2026-3854, CVSS 8.7) allows authenticated users to achieve remote code execution via a single git push command Affects GitHub.com, GitHub Enterprise Cloud, and GitHub Enterprise Server across multiple versions Flaw stems from unsanitized user-supplied git push options being embedded in internal service headers without proper delimiter handling Exploitation chain allows attackers to bypass sandbox protections, redirect
Apr 283 min read
Anthropic MCP Design Flaw Exposes Critical RCE Risk in AI Supply Chain
Key Findings Critical "by design" vulnerability in Anthropic's Model Context Protocol (MCP) architecture enables remote code execution (RCE) on any system running vulnerable MCP implementations Unsafe defaults in STDIO transport interface configuration allow attackers to execute arbitrary OS commands and access sensitive data, API keys, and chat histories Vulnerability affects over 7,000 publicly accessible servers and software packages totaling more than 150 million download
Apr 213 min read
PHP Composer Vulnerabilities Allow Remote Code Execution Through Perforce Integration
Key Findings Two high-severity command injection vulnerabilities discovered in PHP Composer's Perforce VCS driver CVE-2026-40176 (CVSS 7.8) and CVE-2026-40261 (CVSS 8.8) allow arbitrary command execution through malicious repository configs and crafted inputs Patches released: Composer 2.9.6 (mainline) and 2.2.27 (LTS) No active exploitation detected on Packagist.org or Private Packagist as of April 10, 2026 Perforce metadata publishing temporarily disabled as precaution Back
Apr 152 min read
Marimo RCE Vulnerability CVE-2026-39987 Under Active Exploitation Since Disclosure
Key Findings Critical RCE vulnerability CVE-2026-39987 in Marimo (CVSS 9.3) exploited within 9 hours 41 minutes of disclosure Unauthenticated attackers can obtain full interactive shell access on exposed instances through /terminal/ws WebSocket endpoint Affects all Marimo versions up to 0.20.4; patched in version 0.23.0 Unknown threat actor built working exploit from advisory alone, with no public PoC available Attacker conducted credential theft operation and reconnaissance,
Apr 102 min read
Flowise AI Agent Builder Faces Critical CVSS 10.0 RCE Vulnerability With 12,000+ Exposed Instances Under Active Exploitation
Key Findings CVE-2025-59528, a maximum-severity code injection vulnerability (CVSS 10.0), is being actively exploited against Flowise, an open-source AI platform The flaw allows remote code execution with only an API token required for exploitation Over 12,000 Flowise instances are exposed and vulnerable to attack Exploitation activity has been confirmed originating from a single Starlink IP address The vulnerability was patched in version 3.0.6 but remains unpatched on thous
Apr 72 min read
CISA Catalogs Critical F5 BIG-IP APM Vulnerability CVE-2025-53521 Following Active Exploitation
Key Findings CISA added CVE-2025-53521 to its Known Exploited Vulnerabilities catalog on Friday, citing active exploitation in the wild The vulnerability affects F5 BIG-IP Access Policy Manager (APM) and allows unauthenticated remote code execution with a CVSS v4 score of 9.3 The flaw was initially classified as a denial-of-service issue with a lower severity score but was reclassified as RCE after new information emerged in March 2026 Federal agencies have until March 30, 20
Mar 292 min read
Oracle Releases Emergency Patch for Critical RCE Vulnerability CVE-2026-21992 in Identity Manager
Key Findings Oracle released an emergency patch for CVE-2026-21992, a critical remote code execution vulnerability in Identity Manager and Web Services Manager The flaw has a CVSS score of 9.8 and requires no authentication, allowing attackers to execute code over HTTP Affected versions are Identity Manager 12.2.1.4.0 and 14.1.2.1.0, plus Web Services Manager versions 12.2.1.4.0 and 14.1.2.1.0 Oracle classified the vulnerability as "easily exploitable" with low complexity No
Mar 222 min read
Exposed Endpoint: Critical FortiClient EMS Vulnerability (CVSS 9.1) Enables Unauthenticated Remote Code Execution
Key Findings A critical SQL injection vulnerability (CVE-2026-21643) with a CVSS score of 9.1 has been discovered in Fortinet's FortiClient Enterprise Management Server (EMS) The flaw allows unauthenticated remote code execution, enabling attackers to take full control of the management server without any credentials The vulnerability is caused by improper sanitization of user input, allowing malicious SQL commands to be injected and executed The vulnerability affects FortiCl
Feb 92 min read
bottom of page
