remote code execution (RCE)
Coverage of remote code execution (RCE) in the Nexus archive.
- Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS
Cybersecurity researchers identified six vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers, which could allow remote code execution (RCE) and denial-of-service (DoS) attacks in Node.js applications through malicious schemas or payloads.
- New Veeam vulnerability exposes backup servers to RCE attacks
Veeam has released security updates to address a critical vulnerability in its Backup & Replication software that could allow attackers to execute remote code on domain-joined backup servers. The flaw poses a risk of remote code execution (RCE) exploitation.
- Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain
Cybersecurity researchers identified a critical design flaw in the Model Context Protocol (MCP) that could enable remote code execution (RCE), posing significant risks to systems using vulnerable MCP implementations and threatening the AI supply chain.
- ThreatsDay Bulletin: Defender 0-Day, SonicWall Brute-Force, 17-Year-Old Excel RCE and 15 More Stories
The ThreatsDay Bulletin highlights multiple cybersecurity threats, including a Microsoft Defender 0-Day vulnerability, a SonicWall brute-force attack, and a 17-year-old Excel remote code execution (RCE) flaw. The article emphasizes the persistence of ancient vulnerabilities, supply chain risks, and creative hacking tactics.
- Stealthy RCE on Hardened Linux: Noexec and Userland Execution PoC
A proof-of-concept (PoC) demonstrates a stealthy remote code execution (RCE) vulnerability on hardened Linux systems, exploiting Noexec and userland execution mechanisms. The article details techniques bypassing security measures, raising concerns about system vulnerabilities.
- ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories
The ThreatsDay Bulletin highlights a hybrid P2P botnet, a 13-year-old Apache RCE vulnerability resurfacing, and 18 other security issues. The report emphasizes overlooked vulnerabilities, questionable security practices, and attackers exploiting trusted platforms.