MITRE ATT&CK Mapping

Security Affairs CVE NEW 5h ago

Critical Veeam RCE Flaw Lets Low-Privilege Users Take Over Backup Servers

Veeam addressed a critical RCE vulnerability flaw in Backup & Replication that lets low-privileged domain users take control of backup servers. Veeam has pat...

T1190 1 IOC

Security Affairs →

The Hacker News CVE NEW 5h ago

Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code

Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CV...

T1190 1 IOC

The Hacker News →

BleepingComputer Vulnerability Disclosure 7h ago

New Veeam vulnerability exposes backup servers to RCE attacks

Veeam has released security updates to patch a critical Backup & Replication security flaw that can be exploited to gain remote code execution (RCE) on domai...

T1190

BleepingComputer →

GBHackers CVE 10h ago

LiteLLM Vulnerability Allows Attackers to Execute Arbitrary Commands on Servers

A critical vulnerability chain affecting LiteLLM has been identified, enabling unauthenticated remote code execution (RCE) on exposed servers. Tracked as CVE...

T1190 2 IOCs

GBHackers →

SC Media CVE Amazon 23h ago

Ubiquiti UniFi OS server vulnerabilities allow unauthenticated remote code execution

The security flaws, tracked as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, were addressed in May and impacted UniFi OS Server versions 5.0.

T1190 3 IOCs

SC Media →

BleepingComputer Zero-Day 1d ago

Gogs patches critical zero-day enabling remote code execution

Gogs has patched a critical security zero-day flaw that can allow attackers to compromise Internet-facing instances and access any repositories (including pr...

T1190

BleepingComputer →

CSO Online Vulnerability Disclosure Google Oracle 1d ago

Google Protocol Buffers flaw turns schemas into shells

A widely used JavaScript implementation of Google’s Protocol Buffers format is placing too much trust in untrusted data, exposing affected applications to re...

T1190

CSO Online →

GBHackers Vulnerability Disclosure Microsoft Google Apple Amazon Linux 1d ago

Google Fixes 429 Chrome Vulnerabilities, Including 22 Critical Bugs

Google has released Chrome 149 to the stable channel, addressing a significant batch of 429 security vulnerabilities across Windows, macOS, and Linux, includ...

T1190

GBHackers →

GBHackers Vulnerability Disclosure Microsoft 1d ago

Internet Explorer WebBrowser Control Abuse Lets Attackers Convert Clicks Into RCE

Internet Explorer’s legacy WebBrowser control can be abused to turn seemingly harmless user clicks into full remote code execution (RCE), even on systems tha...

T1190

GBHackers →

GBHackers General 1d ago

China-Linked OP-512 Targets IIS Servers With Unique Web Shell Framework

A suspected China-linked espionage cluster dubbed OP-512 after rapidly correlating many low-fidelity events into a single high-priority incident that human a...

T1190

GBHackers →

GBHackers Zero-Day 1d ago

Critical Redis Vulnerability Could Let Attackers Execute Code and Hijack Servers

A critical vulnerability in Redis, tracked as CVE-2026-23631 and dubbed “DarkReplica,” exposes authenticated deployments to remote code execution (RCE) throu...

T1190 1 IOC

GBHackers →

GBHackers Vulnerability Disclosure Amazon 1d ago

Critical UniFi OS RCE Chain Grants Root Access Without Credentials

Security Advisory Bulletin 064 describing a critical chain of vulnerabilities in UniFi OS Server that allows unauthenticated remote code execution and full r...

T1190

GBHackers →

GBHackers Campaigns Microsoft 3d ago

China-Linked Espionage Cluster Deploys Custom ASPX/ASHX Shells on IIS

A previously disclosed China-linked threat cluster, tracked as OP-512, has been observed deploying a purpose-built web shell framework to compromise Internet...

T1190

GBHackers →

GBHackers CVE Amazon 3d ago

Critical UniFi OS Auth Bypass Flaws Lead to Unauthenticated Root RCE

Ubiquiti has addressed three critical vulnerabilities within the UniFi OS Server that attackers can chain together to achieve unauthenticated remote code exe...

T1190 T1556 3 IOCs

GBHackers →

SC Media General Microsoft 4d ago

New China-linked threat cluster OP-512 targets Microsoft IIS servers

OP-512 deploys a custom web shell framework consisting of three distinct web shells, designed to provide attackers with remote access while evading detection.

T1190

SC Media →

SC Media Vulnerability Disclosure Cisco 4d ago

Another Cisco Catalyst SD-WAN Manager bug actively exploited

Cisco warns of an exploited SD-WAN flaw that can enable remote code execution and network compromise.

T1190

SC Media →

The Hacker News General Microsoft 4d ago

New Threat Cluster OP-512 Targets Microsoft IIS Servers with Custom Web Shell Framework

Cybersecurity researchers have discovered a previously unreported threat cluster dubbed OP-512 that has been observed targeting Microsoft Internet Informatio...

T1190

The Hacker News →

GBHackers CVE 4d ago

Hugging Face Transformers Security Flaw Allows Remote Code Execution

A critical security flaw in Hugging Face Transformers, tracked as CVE-2026-4372, has exposed millions of machine learning workflows to silent remote code exe...

T1190 1 IOC

GBHackers →

The Hacker News CVE WordPress 4d ago

Hackers Exploit Critical Everest Forms Pro WordPress Plugin Flaw to Take Over Sites

Threat actors are actively exploiting a critical security flaw in Everest Forms Pro, a WordPress plugin with about 4,000 active installations, to execute arb...

T1190 1 IOC

The Hacker News →

SC Media CVE 4d ago

Critical Redis vulnerability CVE-2026-23479 allows remote code execution

The vulnerability, rated 8.8 by CVSS 3.

T1190 1 IOC

SC Media →