6 links tagged with all of: cybersecurity + vulnerabilities + remote-code-execution
Click any tag below to further narrow down your results
Links
Two critical 0-day vulnerabilities in NetSupport Manager allow attackers to execute code remotely without authentication. This exploit can compromise industrial control systems, enabling lateral movement within networks. Organizations are urged to upgrade to the latest version to mitigate risks.
Two vulnerabilities, named LookOut, discovered in Google Looker can lead to remote code execution and data exfiltration. Attackers with developer permissions can exploit these flaws to fully compromise Looker instances.
Two critical vulnerabilities in Cisco's Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) have been identified, allowing remote code execution without authentication. Cisco has released patches for these vulnerabilities, tracked as CVE-2025-20281 and CVE-2025-20282, and users are urged to apply them promptly.
Researchers have discovered multiple zero-day vulnerabilities in HashiCorp Vault and CyberArk Conjur, critical secret management platforms used by many enterprises. These vulnerabilities could allow attackers to bypass authentication, gain root access, and execute remote code, posing significant security risks to organizations.
CISA reported that hackers breached a U.S. federal agency by exploiting a critical unpatched vulnerability in GeoServer, leading to lateral movement within the agency's network and the installation of web shells. The attackers remained undetected for three weeks until their activities triggered alerts, prompting an investigation and response measures. CISA emphasizes the importance of timely patching and monitoring for security vulnerabilities.
Team82 has revealed four vulnerabilities in Axis Communications' video surveillance products, which could allow attackers to execute remote code on both the Axis Device Manager and Axis Camera Station. The exploit chain targets the proprietary Axis.Remoting protocol, potentially exposing thousands of organizations to significant security risks. Axis Communications has responded promptly with patches to address these vulnerabilities.