资讯

Infosecurity Magazine

Critical CVEs in Chaos-Mesh Enable In-Cluster Code Execution

A trio of critical vulnerabilities in the Chaos-Mesh platform allow in-cluster attackers to run arbitrary code, even in ...

Update your Samsung phone ASAP to patch this zero-day flaw exploited in the wild

All impacted phone models will receive the fix, which patches a vulnerability tracked as CVE-2025-21043. The security flaw, issued a critical base score of 8.8 by Samsung Mobile (a CNA), is described ...
SecurityWeek

Samsung Patches Zero-Day Exploited Against Android Users

Samsung’s September 2025 security updates for Android devices include a patch for a vulnerability that has been exploited in ...
CSOonline

Microsoft demonstrates remote code execution exploit against PLCs that support CODESYS

Researchers from Microsoft have demonstrated how programmable logic controllers (PLCs) that support the CODESYS runtime can be taken over by exploiting high-severity remote code execution (RCE) ...
ZDNet

Code execution exploit dings iPhone

Apple's iPhone has failed the security smell test. Researchers at Security Evaluators have found what is believed to be the first remote code execution flaw affecting the device -- a bug that can be ...
HotHardware

BleedingTooth Linux Exploit Can Lead to Remote Code Execution Within Bluetooth Range

A new Bluetooth security vulnerability has appeared, and this time Linux is under the gun. Andy Nguyen, an information security researcher, discovered the vulnerabilities. They are collectively known ...

Microsoft’s Patch Tuesday: About 80 Vulnerabilities Patched

An elevation of privilege vulnerability in the Windows NTLM authentication protocol and a flaw in Office’s Preview Pain are ...
Bleeping Computer

Zerodium triples WordPress remote code execution exploit payout

Zerodium has announced today an increased interest in exploits for the WordPress content management system that achieve remote code execution. The exploit acquisition platform is now enticing exploit ...
Computerworld

Hacker publishes alleged zero-day remote code execution exploit for older Plesk versions

A hacker released what he claims is a zero-day exploit for older versions of the Parallels Plesk Panel, a popular Web hosting administration software package, that could allow attackers to inject ...
Bleeping Computer

Public Windows PrintNightmare 0-day exploit allows domain takeover

Update: Microsoft acknowledged PrintNightmare as a zero-day that has been affecting all Windows versions since before June 2021 security updates. Technical details and a proof-of-concept (PoC) exploit ...
SecurityWeek

Hackers Exploit Sitecore Zero-Day for Malware Delivery

An ASP.NET feature, ViewState stores the state of a webpage in a hidden HTML field, for persistence. Attackers can target the ...
Ars Technica

Code execution 0-day in Windows has been under active exploit for 7 weeks

A critical code execution zero-day in all supported versions of Windows has been under active exploit for seven weeks, giving attackers a reliable means for installing malware without triggering ...