rce Archives • Page 16 of 30 • Daily CyberSecurity

October Patch Tuesday: Microsoft Fixes 6 Zero-Days, Including 4 Actively Exploited Flaws, as Windows 10 Reaches End-of-Life Patch Tuesday Zero-Days, Windows 10 Final Update

Patch Tuesday Zero-Days, Windows 10 Final Update

October Patch Tuesday: Microsoft Fixes 6 Zero-Days, Including 4 Actively Exploited Flaws, as Windows 10 Reaches End-of-Life

Do Son October 15, 2025

Microsoft’s October 2025 Patch Tuesday has arrived with one of the largest security updates of the year—193...

SAP Patches Critical 10.0 Flaw in NetWeaver: Unauthenticated RCE Risk SAP Security Patch Day CVE-2025-42944, CVE-2025-42937

SAP Patches Critical 10.0 Flaw in NetWeaver: Unauthenticated RCE Risk

Do Son October 14, 2025

SAP has released its October 2025 Security Patch Day, addressing 13 new security notes and 3 updates...

Microsoft Edge Google account login interface and synchronization settings Browser Choice Alliance letter Microsoft Edge cleartext credentials memory dump Microsoft Edge auto-startup Microsoft Edge Collections sunset, export Edge Collections CSV Edge IE Mode Zero-Day, Chakra Exploit Windows Search, Microsoft Edge AI video translation, Edge browser Microsoft Editor, Edge Edge Developer tools Windows 10 ESU, Microsoft Edge Microsoft Edge, FCP Optimization CVE-2023-36735 Edge, AI Search

Microsoft Patches Edge IE Mode After Hackers Exploited Chakra Zero-Day for Device Takeover

Do Son October 14, 2025

After discovering that hackers were exploiting a zero-day vulnerability in the Chakra JavaScript engine used by Internet...

Critical Elastic Cloud Flaw: CVE-2025-37729 (CVSS 9.1) Allows RCE via Jinjava Template Injection ECE Jinjava Injection, CVE-2025-37729

Critical Elastic Cloud Flaw: CVE-2025-37729 (CVSS 9.1) Allows RCE via Jinjava Template Injection

Do Son October 14, 2025

Elastic has released urgent security updates for Elastic Cloud Enterprise (ECE) to patch a critical vulnerability (CVE-2025-37729)...

Cherry Studio RCE, Custom Protocol Exploit

Critical Cherry Studio Flaw CVE-2025-61929 (CVSS 9.7) Allows One-Click RCE via Custom URL Protocol

Do Son October 13, 2025

A critical security flaw has been discovered in Cherry Studio, a cross-platform desktop client that supports multiple...

Apple Ups Bounty to $5 Million for Zero-Click Spyware Exploits Bypassing Lockdown Mode Apple Bounty $5M, Zero-Click Exploit Zero-day, Apple security CVE-2025-43300

Apple Bounty $5M, Zero-Click Exploit Zero-day, Apple security CVE-2025-43300

Apple Ups Bounty to $5 Million for Zero-Click Spyware Exploits Bypassing Lockdown Mode

Do Son October 13, 2025

Apple has announced a major overhaul of its Security Bounty vulnerability reward program, set to take effect...

CVE-2025-61927 (CVSS 9.4): Critical RCE Flaw Discovered in Happy DOM, Over 2.7 Million Weekly Downloads Impacted

Do Son October 13, 2025

A critical-severity vulnerability has been disclosed in Happy DOM, a popular JavaScript package used to emulate web...

Two 7-Zip Flaws Allow Code Execution via Malicious ZIP Files (CVE-2025-11001 & CVE-2025-11002) 7-Zip RCE, ZIP Directory Traversal

Two 7-Zip Flaws Allow Code Execution via Malicious ZIP Files (CVE-2025-11001 & CVE-2025-11002)

Do Son October 11, 2025

The Zero Day Initiative (ZDI) has published details of two critical vulnerabilities in the popular open-source compression...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

CL0P Extortion: Google/Mandiant Expose Zero-Day RCE in Oracle E-Business Suite (CVE-2025-61882)

Do Son October 10, 2025

Google Threat Intelligence Group (GTIG) and Mandiant have jointly disclosed an extensive data theft and extortion campaign...

Exploited Zero-Day: Gladinet/Triofox Flaw CVE-2025-11371 Allows RCE via LFI PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

PAN-OS Root RCE CL-STA-1132 Exploitation Tianxin RCE CVE-2021-4473 React Native Supply Chain Attack AstrOOnauta Malware Gladinet Zero-Day, LFI RCE Chain WordPress Theme, Account Takeover CVE-2024-50623 - European Space Agency cyberattack

Exploited Zero-Day: Gladinet/Triofox Flaw CVE-2025-11371 Allows RCE via LFI

Do Son October 10, 2025

Huntress has sounded the alarm over active exploitation of a newly discovered Local File Inclusion (LFI) vulnerability...

NVIDIA GPU Driver Patches Multiple High-Severity Flaws Risking RCE and Privilege Escalation NemoClaw Prompt Injection AI Sandbox Security NVIDIA Physical AI CES 2026, Jetson T4000 robotics hardware NVIDIA AI Security, Isaac Lab RCE NVIDIA Driver RCE, CVE-2025-23309 NVIDIA Triton, AI Server Vulnerabilities CVE-2023-31029 & CVE-2023-31024 - CVE‑2024-0112

NemoClaw Prompt Injection AI Sandbox Security NVIDIA Physical AI CES 2026, Jetson T4000 robotics hardware NVIDIA AI Security, Isaac Lab RCE NVIDIA Driver RCE, CVE-2025-23309 NVIDIA Triton, AI Server Vulnerabilities CVE-2023-31029 & CVE-2023-31024 - CVE‑2024-0112

NVIDIA GPU Driver Patches Multiple High-Severity Flaws Risking RCE and Privilege Escalation

Do Son October 10, 2025

NVIDIA has released an important software security update for its GPU Display Driver, addressing multiple vulnerabilities that...

TP-Link Router Flaw CVE-2023-28760 Allows Root RCE via LAN, PoC Available TP-Link RCE, MiniDLNA Overflow

TP-Link Router Flaw CVE-2023-28760 Allows Root RCE via LAN, PoC Available

Do Son October 10, 2025

Security researcher Rocco Calvi detailed a critical flaw in the TP-Link AX1800 WiFi 6 Router (Archer AX21/AX20)...

Critical Flowise RCE Flaw: CVE-2025-61913 (CVSS 10.0) Allows Arbitrary File Write Flowise Sandbox Escape CVE-2026-46442 Flowise RCE Flowise Auth Bypass, Unauthenticated Registration Flowise RCE, WriteFileTool FlowiseAI, account takeover CVE-2025-58434

Flowise Sandbox Escape CVE-2026-46442 Flowise RCE Flowise Auth Bypass, Unauthenticated Registration Flowise RCE, WriteFileTool FlowiseAI, account takeover CVE-2025-58434

Critical Flowise RCE Flaw: CVE-2025-61913 (CVSS 10.0) Allows Arbitrary File Write

Do Son October 9, 2025

The maintainers of Flowise, an open-source generative AI development platform for building AI agents and LLM workflows,...

High-Severity Deno Flaw CVE-2025-61787 Allows Command Injection on Windows CVE-2023-28445 Deno Command Injection, CVE-2025-61787

High-Severity Deno Flaw CVE-2025-61787 Allows Command Injection on Windows

Do Son October 9, 2025

The Deno project has issued a new security advisory warning of a command injection vulnerability on Windows...

OpenSSH Flaw (CVE-2025-61984) Allows Remote Code Execution via Usernames CVE-2023-48795 - Terrapin Attack OpenSSH RCE, ProxyCommand Injection

OpenSSH Flaw (CVE-2025-61984) Allows Remote Code Execution via Usernames

Do Son October 8, 2025

Security researcher David Leadbeater has disclosed a vulnerability in OpenSSH, identified as CVE-2025-61984, which highlights how even...

Qt Fixes Dual Critical Vulnerabilities (CVE-2025-10728 & CVE-2025-10729) in SVG Module Qt SVG RCE, CVE-2025-10729 CVE-2024-33861

Qt Fixes Dual Critical Vulnerabilities (CVE-2025-10728 & CVE-2025-10729) in SVG Module

Do Son October 7, 2025

The Qt Group has released a critical security advisory addressing two severe vulnerabilities in the Qt SVG...

Oracle EBS Zero-Day (CVE-2025-61882) Under Active RCE Exploitation by GRACEFUL SPIDER Oracle EBS Zero-Day, GRACEFUL SPIDER Cracked Software, Supply Chain Attack Black Basta - NOVA stealer

Oracle EBS Zero-Day, GRACEFUL SPIDER Cracked Software, Supply Chain Attack Black Basta - NOVA stealer

Oracle EBS Zero-Day (CVE-2025-61882) Under Active RCE Exploitation by GRACEFUL SPIDER

Do Son October 7, 2025

CrowdStrike has sounded the alarm on an ongoing mass exploitation campaign targeting Oracle E-Business Suite (EBS) applications...

Critical RCE (CVE-2025-10035) in GoAnywhere MFT Used by Medusa Ransomware Group Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Quest KACE Vulnerability CVE-2025-32975 FortiGate SSO Bypass, Active Exploitation GoAnywhere RCE, Storm-1175 Cisco VPN RCE, ASA Zero-Day TinyColor Supply Chain Attack SK Telecom, data breach Erlang/OTP RCE, OT Network Security Ivanti CSA Attacks WordPress RCE, Theme Vulnerability

Critical RCE (CVE-2025-10035) in GoAnywhere MFT Used by Medusa Ransomware Group

Do Son October 7, 2025

Microsoft Threat Intelligence has issued a warning following the discovery of active exploitation of a newly disclosed...

Critical Flaw CVE-2025-36356 (CVSS 9.3) in IBM Security Verify Access Allows Root Privilege Escalation IBM API Connect, CVE-2025-13915 IBM Privilege Escalation, CVE-2025-36356 IBM Power Systems - CVE-2024-45656 CVE-2024-49814 and CVE-2024-51450 CVE-2024-56346 and CVE-2024-56347 CVE-2025-1302

IBM API Connect, CVE-2025-13915 IBM Privilege Escalation, CVE-2025-36356 IBM Power Systems - CVE-2024-45656 CVE-2024-49814 and CVE-2024-51450 CVE-2024-56346 and CVE-2024-56347 CVE-2025-1302

Critical Flaw CVE-2025-36356 (CVSS 9.3) in IBM Security Verify Access Allows Root Privilege Escalation

Do Son October 7, 2025

IBM has released fixes for three security vulnerabilities affecting its IBM Security Verify Access and IBM Verify...

Rapid7 Details Cisco ASA Zero-Day Exploit Chain (CVE-2025-20362 & CVE-2025-20333)

Do Son October 7, 2025

Security researchers at Rapid7 have published a detailed technical analysis uncovering how a pair of zero-day vulnerabilities...