We discuss widespread exploitation of Ivanti EPMM zero-day vulns CVE-2026-1281 and CVE-2026-1340. Attackers are deploying web shells and backdoors.
The post Critical Vulnerabilities in Ivanti EPMM Exploited appeared first on Unit 42.
A total of 12 vulnerabilities have been fixed in OpenSSL, all discovered by a single cybersecurity firm.
The post High-Severity Remote Code Execution Vulnerability Patched in OpenSSL appeared first on SecurityWeek.
We discuss the CVSS 10.0-rated RCE vulnerability in the Flight protocol used by React Server Components. This is tracked as CVE-2025-55182.
The post Exploitation of Critical Vulnerability in React Server Components (Updated December 12) appeared first on Unit 42.
Carrie Roberts // Unauthenticated Remote Code Execution? A hackerβs best friend. And that is what we have with CVE-2017-5638 Apache Struts with working exploit code here: https://github.com/rapid7/metasploit-framework/issues/8064 Save the exploit [β¦]
The post Strutting your stuff β Unauthenticated Remote Code Execution appeared first on Black Hills Information Security, Inc..
Mick Douglas // Current Status: β MS15-034 has remote Denial of Service (DoS) β Remote exploit code appears to be ready soonβ¦ maybe. Β Stay tuned. BLUE TEAM MARCHING ORDERS: β [β¦]
The post Waiting Is the Hardest Part: A Purple Teamβs Take on MS15-034 appeared first on Black Hills Information Security, Inc..
Login
