Search results for remote code execution | Breaking Cybersecurity News | The Hacker News

Google has released the February Security Update for Android that patches multiple security vulnerabilities discovered in the latest version of Android operating system. In total, there were five "critical" security vulnerabilities fixed in the release along with four "high" severity and one merely "moderate" issues. Remote Code Execution Flaw in WiFi A set of two critical vulnerabilities has been found in the Broadcom WiFi driver that could be exploited by attackers to perform Remote Code Execution (RCE) on affected Android devices when connected to the same network as the attacker. The vulnerabilities (CVE-2016-0801 and CVE-2016-0802) can be exploited by sending specially crafted wireless control message packets that can corrupt kernel memory, potentially leading to remote code execution at the kernel level. "These vulnerabilities can be triggered when the attacker and the victim are associated with the same network," read...

A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an "active, large-scale" exploitation campaign. The zero-day flaw, tracked as CVE-2025-53770 (CVSS score: 9.8), has been described as a variant of CVE-2025-49704 (CVSS score: 8.8), a code injection and remote code execution bug in Microsoft SharePoint Server that was addressed by the tech giant as part of its July 2025 Patch Tuesday updates. "Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network," Microsoft said in an advisory released on July 19, 2025. The Windows maker further noted that it's preparing and fully testing a comprehensive update to resolve the issue. It credited Viettel Cyber Security for discovering and reporting the flaw through Trend Micro's Zero Day Initiative (ZDI). In a separate alert issued Saturday, Redmond said it's aware of active attacks ta...

A new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source enterprise resource planning (ERP) system that could allow threat actors to achieve remote code execution on affected instances. Tracked as CVE-2024-38856 , the flaw has a CVSS score of 9.8 out of a maximum of 10.0. It affects Apache OFBiz versions prior to 18.12.15. "The root cause of the vulnerability lies in a flaw in the authentication mechanism," SonicWall, which discovered and reported the shortcoming, said in a statement. "This flaw allows an unauthenticated user to access functionalities that generally require the user to be logged in, paving the way for remote code execution." CVE-2024-38856 is also a patch bypass for CVE-2024-36104 , a path traversal vulnerability that was addressed in early June with the release of 18.12.14. SonicWall described the flaw as residing in the override view functionality that exposes critical endpoi...

SolarWinds has addressed a set of critical security flaws impacting its Access Rights Manager (ARM) software that could be exploited to access sensitive information or execute arbitrary code. Of the 13 vulnerabilities, eight are rated Critical in severity and carry a CVSS score of 9.6 out of 10.0. The remaining five weaknesses have been rated High in severity, with four of them having a CVSS score of 7.6 and one scoring 8.3. The most severe of the flaws are listed below - CVE-2024-23472 - SolarWinds ARM Directory Traversal Arbitrary File Deletion and Information Disclosure Vulnerability CVE-2024-28074 - SolarWinds ARM Internal Deserialization Remote Code Execution Vulnerability CVE-2024-23469 - Solarwinds ARM Exposed Dangerous Method Remote Code Execution Vulnerability CVE-2024-23475 - Solarwinds ARM Traversal and Information Disclosure Vulnerability CVE-2024-23467 - Solarwinds ARM Traversal Remote Code Execution Vulnerability CVE-2024-23466 - Solarwinds ARM Directory ...

A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500 clusters at immediate risk by exposing the component to the public internet. The vulnerabilities (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974 ), assigned a CVSS score of 9.8, have been collectively codenamed IngressNightmare by cloud security firm Wiz. It's worth noting that the shortcomings do not impact NGINX Ingress Controller , which is another ingress controller implementation for NGINX and NGINX Plus. "Exploitation of these vulnerabilities leads to unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster by attackers, which can result in cluster takeover," the company said in a report shared with The Hacker News. IngressNightmare, at its core, affects the admission controller component of the Ingress N...

What's worse than knowing that innocent looking JPEGs, PDFs and font files can hijack your iPhone, iPad, and iPod. Yes, attackers can take over your vulnerable Apple's iOS device remotely – all they have to do is trick you to view a maliciously-crafted JPEG graphic or PDF file through a website or an email, which could allow them to execute malicious code on your system. That's a terrible flaw (CVE-2016-4673), but the good news is that Apple has released the latest version of its mobile operating system, iOS 10.1 , for iPhones and iPads to address this remote-code execution flaw, alongside an array of bug fixes. And now that the company has rolled out a security patch, some hackers would surely find vulnerable Apple devices to exploit the vulnerability and take full control of them. So, users running older versions of iOS are advised to update their mobile devices to iOS 10.1 as soon as possible. Besides this remote code execution flaw, the newest iOS 10.1 incl...

SolarWinds has released security updates to address multiple security vulnerabilities impacting SolarWinds Web Help Desk, including four critical vulnerabilities that could result in authentication bypass and remote code execution (RCE). The list of vulnerabilities is as follows - CVE-2025-40536 (CVSS score: 8.1) - A security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality CVE-2025-40537 (CVSS score: 7.5) - A hard-coded credentials vulnerability that could allow access to administrative functions using the "client" user account CVE-2025-40551 (CVSS score: 9.8) - An untrusted data deserialization vulnerability that could lead to remote code execution, which would allow an unauthenticated attacker to run commands on the host machine CVE-2025-40552 (CVSS score: 9.8) - An authentication bypass vulnerability that could allow an unauthenticated attacker to execute actions and methods CVE-202...

Commvault has released updates to address four security gaps that could be exploited to achieve remote code execution on susceptible instances. The list of vulnerabilities, identified in Commvault versions before 11.36.60, is as follows - CVE-2025-57788 (CVSS score: 6.9) - A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials CVE-2025-57789 (CVSS score: 5.3) - A vulnerability during the setup phase between installation and the first administrator login that allows remote attackers to exploit the default credentials to gain admin control CVE-2025-57790 (CVSS score: 8.7) - A path traversal vulnerability that allows remote attackers to perform unauthorized file system access through a path traversal issue, resulting in remote code execution CVE-2025-57791 (CVSS score: 6.9) - A vulnerability that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to...

The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved nine security flaws, including a critical bug that, if successfully exploited, could result in remote code execution (RCE). The issue, assigned the CVE identifier  CVE-2024-23897 , has been described as an arbitrary file read vulnerability through the built-in command line interface ( CLI ) "Jenkins uses the args4j library to parse command arguments and options on the Jenkins controller when processing CLI commands," the maintainers  said  in a Wednesday advisory. "This command parser has a feature that replaces an @ character followed by a file path in an argument with the file's contents (expandAtFiles). This feature is enabled by default and Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable it." A threat actor could exploit this quirk to read arbitrary files on the Jenkins controller file system...

As part of this month's Patch Tuesday, Microsoft has released security patches for a total of 55 vulnerabilities across its products, including fixes for four zero-day vulnerabilities being exploited in the wild. Just yesterday, Microsoft released an emergency out-of-band update separately to patch a remote execution bug ( CVE-2017-0290 ) in Microsoft's Antivirus Engine that comes enabled by default on Windows 7, 8.1, RT, 10 and Server 2016 operating systems. The vulnerability, reported by Google Project Zero researchers, could allow an attacker to take over your Windows PC with just an email, which you haven't even opened yet. May 2017 Patch Tuesday — Out of 55 vulnerabilities, 17 have been rated as critical and affect the company's main operating systems, along with other products like Office, Edge, Internet Explorer, and the malware protection engine used in most of the Microsoft's anti-malware products. Sysadmins all over the world should prioriti...

A critical remote code execution vulnerability has been reported in the eBay owned global e-commerce business PayPal that could be exploited by an attacker to execute arbitrary code on the PayPal's Marketing online-service web-application server. The remote code execution flaw, discovered by an independent security researcher, Milan A Solanki , has been rated Critical by Vulnerability Lab with a CVSS count of 9.3 and affected the marketing online service web-application of PayPal. The vulnerability resides in the Java Debug Wire Protocol (JDWP) protocol of the PayPal's marketing online service web-server. Successful exploitation of the PayPal vulnerability could result in an unauthorized execution of system specific codes against the targeted system in order to completely compromise the company's web server, without any privilege or user interaction. JDWP is a protocol that used for communication between a debugger and the Java virtual machine that i...

Microsoft on Tuesday revealed that two security flaws impacting Windows NT LAN Manager ( NTLM ) and Task Scheduler have come under active exploitation in the wild. The security vulnerabilities are among the 90 security bugs the tech giant addressed as part of its Patch Tuesday update for November 2024. Of the 90 flaws, four are rated Critical, 85 are rated Important, and one is rated Moderate in severity. Fifty-two of the patched vulnerabilities are remote code execution flaws. The fixes are in addition to 31 vulnerabilities Microsoft resolved in its Chromium-based Edge browser since the release of the October 2024 Patch Tuesday update. The two vulnerabilities that have been listed as actively exploited are below - CVE-2024-43451 (CVSS score: 6.5) - Windows NTLM Hash Disclosure Spoofing Vulnerability CVE-2024-49039 (CVSS score: 8.8) - Windows Task Scheduler Elevation of Privilege Vulnerability "This vulnerability discloses a user's NTLMv2 hash to the attacker who c...

Google has released its latest monthly security update for Android devices, including a serious bug in some Broadcom Wi-Fi chipsets that affects millions of Android devices, as well as some iPhone models. Dubbed BroadPwn , the critical remote code execution vulnerability resides in Broadcom's BCM43xx family of WiFi chipsets, which can be triggered remotely without user interaction, allows a remote attacker to execute malicious code on targeted Android devices with kernel privileges. "The most severe vulnerability in this [runtime] section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of an unprivileged process," Google describes in the July 2017 Android Security Bulletin. The BroadPwn vulnerability ( CVE-2017-3544 ) has been discovered by Exodus Intelligence researcher Nitay Artenstein, who says the flawed Wi-Fi chipset also impacts Apple iOS devices. Since Artenstein will be presenting his finding at...

The North Korean threat actors associated with the long-running Contagious Interview campaign have been observed using malicious Microsoft Visual Studio Code (VS Code) projects as lures to deliver a backdoor on compromised endpoints. The latest finding demonstrates continued evolution of the new tactic that was first discovered in December 2025, Jamf Threat Labs said. "This activity involved the deployment of a backdoor implant that provides remote code execution capabilities on the victim system," security researcher Thijs Xhaflaire said in a report shared with The Hacker News. First disclosed by OpenSourceMalware last month, the attack essentially involves instructing prospective targets to clone a repository on GitHub, GitLab, or Bitbucket, and launch the project in VS Code as part of a supposed job assessment. The end goal of these efforts is to abuse VS Code task configuration files to execute malicious payloads staged on Vercel domains, depending on the oper...

Security researchers have disclosed a security issue that could have allowed attackers to weaponize the VirusTotal platform as a conduit to achieve remote code execution (RCE) on unpatched third-party sandboxing machines employed antivirus engines. The flaw, now patched, made it possible to "execute commands remotely within [through] VirusTotal platform and gain access to its various scans capabilities," Cysource researchers Shai Alfasi and Marlon Fabiano da Silva said in a report exclusively shared with The Hacker News. VirusTotal , part of Google's Chronicle security subsidiary, is a malware-scanning service that analyzes suspicious files and URLs and checks for viruses using more than 70 third-party antivirus products. The attack method involved uploading a DjVu file via the platform's web user interface that when passed to multiple third-party malware scanning engines could trigger an exploit for a high-severity remote code execution flaw in ExifTool , an op...

A German Security researcher has demonstrated a critical  vulnerability on Ebay website, world's biggest eStore. According to David Vieira-Kurz  discovered Remote code execution flaw " due to a type-cast issue in combination with complex curly syntax ", that allows an attacker to execute arbitrary code on the EBay's web server. In a demo video, he exploited this RCE flaw on EBay website, and managed to display output of phpinfo()  PHP function on the web page, just by modifying the URL and injecting code in that. According to an explanation on his blog , he noticed a legitimate URL on EBay: https://sea.ebay.com/search/?q=david&catidd=1  . . and modified the URL to pass any array values including a payload: https://sea.ebay.com/search/?q[0]=david&q[1]=sec{${ phpinfo() }}&catidd=1 Video Demonstration: But it is not clear at this moment that where the flaw resides on Ebay server, because how a static GET parameter can be converted to accept li...

The recently disclosed critical Microsoft SharePoint vulnerability has been under exploitation as early as July 7, 2025, according to findings from Check Point Research. The cybersecurity company said it observed first exploitation attempts targeting an unnamed major Western government, with the activity intensifying on July 18 and 19, spanning government, telecommunications, and software sectors in North America and Western Europe. Check Point also said the exploitation efforts originated from three different IP addresses – 104.238.159[.]149, 107.191.58[.]76, and 96.9.125[.]147 – one of which was previously tied to the weaponization of security flaws in Ivanti Endpoint Manager Mobile (EPMM) appliances ( CVE-2025-4427 and CVE-2025-4428 ). "We're witnessing an urgent and active threat: a critical zero-day in SharePoint on-prem is being exploited in the wild, putting thousands of global organizations at risk," Lotem Finkelstein, Director of Threat Intelligence at Chec...

Ivanti has released security updates to address multiple security flaws impacting Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA) that could be exploited to achieve arbitrary code execution. The list of vulnerabilities is below - CVE-2024-38657 (CVSS score: 9.1) - External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files CVE-2025-22467 (CVSS score: 9.9) - A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution CVE-2024-10644 (CVSS score: 9.1) - Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution CVE-2024-47908 (CVSS score: 9.1) - Operating sy...