InfoQ

Redis Critical Remote Code Execution Vulnerability Discovered After 13 Years

This critical (CVSS 10.0) use-after-free (UAF) vulnerability in Lua scripting could allow authenticated attackers to execute ...
TechSpot

Two critical flaws put 7-Zip users at risk of remote code execution

In a nutshell: The 7-Zip file archiver is a popular open-source alternative to paid programs like WinZip and WinRAR. Widely used by both organizations and individuals, it has also become a frequent ...
ZATAZ

7-Zip vulnerabilities: directory escape and remote execution

Two flaws in 7-Zip allow working-directory escape through symlinks inside malicious ZIPs. Update immediately or disable automatic extraction to mitigate risk. Two vulnerabilities, CVE-2025-11001 and ...
Infosecurity-magazine.com

Critical WatchGuard Fireware OS Flaw Enables Remote Code Execution

A critical vulnerability (CVSS4.0 9.3) in WatchGuard Fireware OS has been identified that could allow a threat actor to remotely execute arbitrary code. The bug, tracked as CVE-2025-9242, is an out-of ...
Bleeping Computer

Hackers launch mass attacks exploiting outdated WordPress plugins

A widespread exploitation campaign is targeting WordPress websites with GutenKit and Hunk Companion plugins vulnerable to critical-severity, old security issues that can be used to achieve remote code ...
Bleeping Computer

Hackers exploit Cisco SNMP flaw to deploy rootkit on switches

Threat actors exploited a recently patched remote code execution vulnerability (CVE-2025-20352) in Cisco networking devices to deploy a rootkit and target unprotected Linux systems. The security issue ...
Infosecurity Magazine

Claude Desktop Extensions Vulnerable to Web-Based Prompt Injection

Three of Anthropic’s Claude Desktop extensions were vulnerable to command injection – flaws that have now been fixed ...