Cyera researchers detail Ni8mare, a critical RCE flaw that lets hackers access local instances of the n8n workflow automation platform, impacting ~100K servers
A maximum severity vulnerability dubbed “Ni8mare” allows remote, unauthenticated attackers to take control over locally deployed instances …
Apple announces a “major evolution” of the Apple Security Bounty program, doubling its top award to $2M for exploit chains that could be abused for spyware
$2M Top Payout. Usman Qureshi / iPhone in Canada: Apple Doubles Security Bounty Rewards to $2 Million. Bill Toulas / BleepingComputer: Apple now offers $2 million for zero-click RCE vulnerabilities. Ti...
Microsoft releases a patch for a SharePoint 0-day RCE flaw exploited globally on thousands of on-prem servers and says SharePoint 2016 updates are in the works
Microsoft Corp. warned that hackers are actively targeting customers of its document management software SharePoint …
Attackers are actively exploiting a critical Apache Tomcat RCE flaw to take over servers with a PUT request; Wallarm: the attack “requires no authentication”
A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild …
Researchers: hackers are actively exploiting an RCE vulnerability in Zimbra email servers, disclosed on September 27, triggered by emailing the SMTP server
When the mail server handles an email address with shell escape characters, the postjournal binary just shells out and runs whatever is specified. … Will Dormann / @wdormann@infosec.exchange: “Best e...
Hackers are actively exploiting a recently disclosed RCE vulnerability in Zimbra email servers that can be triggered simply …
Qualys researchers say an OpenSSH flaw can let attackers remotely compromise servers and allow unauthenticated RCE as root; over 14M servers may be vulnerable
Researchers from Qualys say regreSSHion allows attackers to take over servers with 14 million potentially vulnerable OpenSSH instances identified.
A timeline of the attack on open-source project XZ Utils, which began in late 2021 and led to a backdoor with RCE in Linux distros Debian, Red Hat, and others
Over a period of over two years, an attacker using the name “Jia Tan” worked as a diligent, effective contributor to the xz compression library …