MITRE ATT&CK Mapping

Security Affairs CVE F5 4d ago

Attackers Exploit RCE Flaw as 14,000 F5 BIG-IP APM Instances Remain Exposed

Over 14,000 F5 BIG-IP APM instances remain exposed online, as attackers actively exploit a critical remote code execution flaw CVE-2025-53521. Over 14,000 F5...

T1190 1 IOC

Security Affairs →

Zero Day Initiative CVE 4d ago

ZDI-26-256: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE 4d ago

ZDI-26-255: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE 4d ago

ZDI-26-254: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required...

T1190 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE 4d ago

ZDI-26-257: (0Day) Labcenter Electronics Proteus PDSPRJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Labcenter Electronics Proteus. User interaction is required...

T1190 1 IOC

Zero Day Initiative →

GBHackers Vulnerability Disclosure 4d ago

36 Malicious Strapi npm Packages Deliver Redis RCE, Persistent C2 Malware

A coordinated supply chain attack has been uncovered involving 36 malicious npm packages masquerading as Strapi CMS plugins, delivering a range of payloads i...

T1190 T1195

GBHackers →

Exploit Database Vulnerability Disclosure 4d ago

[webapps] WBCE CMS 1.6.4 - Remote Code Execution

WBCE CMS 1.6.

T1190

Exploit Database →

Exploit Database Vulnerability Disclosure 4d ago

[webapps] RiteCMS 3.1.0 - Authenticated Remote Code Execution

RiteCMS 3.1.

T1190

Exploit Database →

The Hacker News Vulnerability Disclosure Microsoft Linux Apr 3

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Threat actors are increasingly using HTTP cookies as a control channel for PHP-based web shells on Linux servers and to achieve remote code execution, accord...

T1190

The Hacker News →

SC Media CVE Apr 3

Progress ShareFile vulnerabilities allow unauthenticated file exfiltration

Researchers at watchTowr identified an authentication bypass (CVE-2026-2699) and a remote code execution flaw (CVE-2026-2701) within the Storage Zones Contro...

T1190 T1041 T1556 2 IOCs

SC Media →

GBHackers CVE Amazon Apr 3

New Progress ShareFile Flaws Expose Servers to Unauthorized Remote Takeover

Security researchers at watchTowr Labs have disclosed a critical exploit chain in the Progress ShareFile Storage Zone Controller. The vulnerabilities, tracke...

T1190 2 IOCs

GBHackers →

Wordfence Blog Vulnerability Disclosure WordPress Apr 2

200,000 WordPress Sites Affected by Arbitrary File Deletion Vulnerability in Perfmatters WordPress Plugin

On March 1st, 2026, we received a submission for an Arbitrary File Deletion vulnerability in Perfmatters, a WordPress plugin with more than 200,000 active in...

T1190

Wordfence Blog →

Microsoft Security Blog General Microsoft Linux Apr 2

Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments

Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting environments. This post examine...

T1190 T1027

Microsoft Security Blog →

SecurityWeek Vulnerability Disclosure Cisco Apr 2

Cisco Patches Critical and High-Severity Vulnerabilities

The bugs could lead to authentication bypass, remote code execution, information disclosure, and privilege escalation. The post Cisco Patches Critical and Hi...

T1190 T1548 T1556

SecurityWeek →

CISA Advisories CVE Apr 2

Hitachi Energy Ellipse

View CSAF Summary Hitachi Energy is aware of a Jasper Report vulnerability that affects the Ellipse product versions mentioned in this document below. This v...

T1190 1 IOC

CISA Advisories →

BleepingComputer Vulnerability Disclosure F5 Apr 2

Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks

Internet security watchdog Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks exploiting a critical-severity remote ...

T1190

BleepingComputer →

Zero Day Initiative CVE Microsoft Apr 2

ZDI-26-253: Microsoft Visual Studio Code mcp.json Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio Code. User interaction is required ...

T1190 T1059 1 IOC

Zero Day Initiative →

Zero Day Initiative CVE Apr 2

ZDI-26-252: Mozilla Firefox IonMonkey Switch Statement Optimization Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mozilla Firefox. User interaction is required to exploit th...

T1190 1 IOC

Zero Day Initiative →

Wordfence Blog Vulnerability Disclosure WordPress Apr 1

200,000 WordPress Sites Affected by Arbitrary File Move Vulnerability in MW WP Form WordPress Plugin

On March 16th, 2026, we received a submission for an Arbitrary File Move vulnerability in MW WP Form, a WordPress plugin with more than 200,000 active instal...

T1190

Wordfence Blog →

Cisco Advisories Vulnerability Disclosure Cisco Apr 1

Cisco Integrated Management Controller Command Injection and Remote Code Execution Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker ...

T1190 T1059

Cisco Advisories →