SecurityWeek

F5 BIG-IP DoS Flaw Upgraded to Critical RCE, Now Exploited in the Wild

Threat actors are exploiting CVE-2025-53521, a critical F5 BIG-IP vulnerability that has been reclassified as a remote code execution issue.

Hackers now exploit critical F5 BIG-IP flaw in attacks, patch now

F5 has reclassified a BIG-IP APM denial-of-service (DoS) vulnerability as a critical-severity remote code execution (RCE) flaw, warning that attackers are exploiting it to deploy webshells on ...
Infosecurity Magazine

Attackers Rapidly Weaponize Critical Oracle WebLogic RCE, Honeypot Study Finds

Attackers rapidly exploited a critical Oracle WebLogic RCE flaw the same day exploit code was released, according to a ...
CSO Online

Attackers exploit critical Langflow RCE within hours as CISA sounds alarm

Attackers weaponized critical RCE within hours, prompting CISA to add the flaw to its KEV catalog and set an urgent patch ...
Infosecurity-magazine.com

Hackers Target Atlassian Confluence With RCE Exploits

Security experts are observing attempts to exploit the remote code execution (RCE) vulnerability CVE-2023-22527 affecting outdated Atlassian Confluence servers. The company disclosed the flaw last ...
Bleeping Computer

Exploit released for Fortinet RCE bug used in attacks, patch now

Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited ...
Hosted on MSN

OpenClaw patches one-click RCE as security Whac-A-Mole continues

Security issues continue to pervade the OpenClaw ecosystem, formerly known as ClawdBot then Moltbot, as multiple projects patch bot takeover and remote code execution (RCE) exploits.… The initial hype ...
The Hacker News

DarkSword iOS Exploit Kit Uses 6 Flaws, 3 Zero-Days for Full Device Takeover

DarkSword exploit targets iOS 18.4–18.7 using 6 flaws and 3 zero-days, enabling rapid data theft from iPhones across multiple ...
Dark Reading

Apache Tomcat RCE Vulnerability Under Fire With 2-Step Exploit

A vulnerability found in Apache Tomcat, tracked as CVE-2025-24813, is being actively exploited in the wild. The remote code execution (RCE) bug allows attackers to take over servers using a PUT API ...
CSOonline

Attackers exploit zero-day RCE flaw in Cleo managed file transfer

The exploit takes advantage of a known file upload vulnerability that was not efficiently patched and can still be exploited in up-to-date versions of Cleo LexiCom, VLTrader and Harmony products.
Dark Reading

Exploit for Fortinet Critical RCE Bug Allows SIEM Root Access

A proof-of-concept exploit (PoC) for a critical vulnerability in Fortinet's FortiSIEM product has emerged, paving the way for broad exploitation. The vulnerability, tracked under CVE-2024-23108, was ...
GosuGamers

Call of Duty: WWII pulled from Xbox PC Game Pass amid RCE exploit chaos

The Xbox PC release was probably supposed to be a quiet drop, but what players got instead were pop-ups, downloads, and a lawyer’s face on their desktop. Activision has removed Call of Duty: WWII from ...