The Hacker News

Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

CVE-2024-3721 and CVE-2023-33538 exploited in TBK DVRs and EoL TP-Link routers, enabling Mirai variants and DDoS risk.
ZDNet

Patch released for Fortinet command injection vulnerability

Update: In a statement to ZDNet, Fortinet criticized Rapid7 for releasing the study and said a patch would be released by the end of the month. "The security of our customers is always our first ...
The Hacker News

April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

Critical SAP, Adobe, Fortinet, and Microsoft flaws disclosed in April Patch Tuesday, enabling RCE and data theft risks.
Computing

Flaw in Anthropic’s MCP putting 200k servers at risk, researchers claim

A vulnerability in Anthropic’s open source Model Context Protocol is putting up to 200,000 servers at risk of complete ...
Yahoo

Researchers warn command injection flaw in Fortinet FortiWeb is under exploitation

Fortinet Technologies Canada office on Oct. 15, 2023, in Nepean, Canada. The cybersecurity company disclosed a customer data breach on Sept. 12, 2024. This story was originally published on ...
Hosted on MSN

Microsoft’s new AI Notepad just opened a terrifyingly easy hacker loophole

A command injection flaw in the Windows Notepad App now gives remote attackers a path to execute code over a network, turning one of the most familiar programs on any PC into a potential entry point ...
Bleeping Computer

Latest Command Injection news

Today, Palo Alto Networks warns that an unpatched critical command injection vulnerability in its PAN-OS firewall is being actively exploited in attacks. Threat actors can exploit a security ...
Bleeping Computer

Latest Command Injection news

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting ...