remote code execution | Breaking Cybersecurity News | The Hacker News

Fortinet has released security updates to address a critical flaw impacting FortiClientEMS that could lead to the execution of arbitrary code on susceptible systems. The vulnerability, tracked as CVE-2026-21643 , has a CVSS rating of 9.1 out of a maximum of 10.0. "An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests," Fortinet said in an advisory. The shortcoming affects the following versions - FortiClientEMS 7.2 (Not affected) FortiClientEMS 7.4.4 (Upgrade to 7.4.5 or above) FortiClientEMS 8.0 (Not affected) Gwendal Guégniaud of the Fortinet Product Security team has been credited with discovering and reporting the flaw. While Fortinet makes no mention of the vulnerability being exploited in the wild, it's essential that users move quickly to apply the fixes...

The Netherlands' Dutch Data Protection Authority (AP) and the Council for the Judiciary confirmed both agencies (Rvdr) have disclosed that their systems were impacted by cyber attacks that exploited the recently disclosed security flaws in Ivanti Endpoint Manager Mobile (EPMM), according to a notice sent to the country's parliament on Friday. "On January 29, the National Cyber Security Center (NCSC) was informed by the supplier of vulnerabilities in EPMM," the Dutch authorities said . "EPMM is used to manage mobile devices, apps, and content, including their security." "It is now known that work-related data of AP employees, such as names, business email addresses, and telephone numbers, have been accessed by unauthorized persons." The development comes as the European Commission also revealed that its central infrastructure managing mobile devices "identified traces" of a cyber attack that may have resulted in access to names and mo...

Microsoft has revealed that it observed a multi‑stage intrusion that involved the threat actors exploiting internet‑exposed SolarWinds Web Help Desk (WHD) instances to obtain initial access and move laterally across the organization's network to other high-value assets. That said, the Microsoft Defender Security Research Team said it's not clear whether the activity weaponized recently disclosed flaws (CVE-2025-40551, CVSS score: 9.8, and CVE-2025-40536, CVSS score: 8.1), or a previously patched vulnerability (CVE-2025-26399, CVSS score: 9.8). "Since the attacks occurred in December 2025 and on machines vulnerable to both the old and new set of CVEs at the same time, we cannot reliably confirm the exact CVE used to gain an initial foothold," the company said in a report published last week. While CVE-2025-40536 is a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality, CVE-2025-...

BeyondTrust has released updates to address a critical security flaw impacting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could result in remote code execution. "BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability," the company said in an advisory released February 6, 2026. "By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user." The vulnerability, categorized as an operating system command injection , has been assigned the CVE identifier CVE-2026-1731 . It's rated 9.9 on the CVSS scoring system. BeyondTrust said successful exploitation of the shortcoming could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user, resulting in unautho...

A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), is the result of inadequate sanitization that bypasses safeguards put in place to address CVE-2025-68613 (CVSS score: 9.9), another critical defect that was patched by n8n in December 2025. "Additional exploits in the expression evaluation of n8n have been identified and patched following CVE-2025-68613," n8n's maintainers said in an advisory released Wednesday. "An authenticated user with permission to create or modify workflows could abuse crafted expressions in workflow parameters to trigger unintended system command execution on the host running n8n." The issue affects the following versions - <1.123.17 (Fixed in 1.123.17) <2.5.2 (Fixed in 2.5.2)