#command-injection

[ follow ]
#rondodox #remote-code-execution #meteobridge #cve-2025-4008 #cisa-kev #arrayos #desktopdirect #web-shells #botnet
Information security
fromThe Hacker News
5 hours ago

JPCERT Confirms Active Command Injection Attacks on Array AG Gateways

A command injection flaw in Array Networks DesktopDirect (ArrayOS ≤9.4.5.8) has been exploited since Aug 2025 to drop web shells; update to 9.4.5.9.
#rondodox
more#rondodox
Information security
fromThe Hacker News
1 month ago

Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely - Patch Now

A command injection vulnerability in the figma-developer-mcp MCP server (CVE-2025-53967) permits remote code execution via unsanitized user input.
Information security
fromSecurityWeek
2 months ago

Organizations Warned of Exploited Meteobridge Vulnerability

A Meteobridge command-injection vulnerability (CVE-2025-4008) has been exploited in attacks and added to CISA's Known Exploited Vulnerabilities catalog.
Information security
fromThe Hacker News
2 months ago

CISA Flags Meteobridge CVE-2025-4008 Flaw as Actively Exploited in the Wild

Meteobridge contains a command-injection vulnerability (CVE-2025-4008) allowing unauthenticated remote attackers to execute arbitrary commands as root; vulnerability is actively exploited and patched in version 6.
Information security
fromThe Hacker News
2 months ago

Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure

An unsafe deserialization flaw (CVE-2025-10035) in Fortra GoAnywhere permits unauthenticated command injection and was actively exploited in the wild by at least September 10, 2025.
Information security
fromSecurityWeek
2 months ago

Libraesva Email Security Gateway Vulnerability Exploited by Nation-State Hackers

A command-injection vulnerability in Libraesva ESG allows arbitrary shell command execution via crafted compressed email attachments; patches available for ESG 5.x while 4.x is discontinued.
Information security
fromThe Hacker News
2 months ago

Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover

Multiple critical Chaos Mesh vulnerabilities allow minimal in-cluster attackers to execute commands, disrupt services, steal tokens, and potentially achieve cluster-wide takeover.
Information security
fromThe Hacker News
3 months ago

Linux Malware Delivered via Malicious RAR Filenames Evades Antivirus Detection

Phishing emails deliver RAR archives whose filenames contain Base64-encoded Bash commands that execute VShell via shell command injection when file names are parsed.
[ Load more ]