Hackers Exploit FortiClient Flaw to Deliver Infostealer Malware

Hackers are exploiting a vulnerability in FortiClient Enterprise Management Server to deliver infostealer malware, cleverly disguising the payload as a legitimate Fortinet endpoint update. This sneaky tactic uses FortiClient-managed VPN scripting workflows to execute the malicious code, putting security teams on high alert.

https://osintsights.com/hackers-exploit-forticlient-flaw-to-deliver-infostealer-malware?utm_source=mastodon&utm_medium=social

#Forticlient #Cve202635616 #InfostealerMalware #Exploit #ArbitraryCodeExecution

Super Mario Bros.: Neuer Glitch ermöglicht „alles“ – 40 Jahre altes Geheimnis entdeckt

https://nintendo-connect.de/heimkonsole/nes/super-mario-bros-neuer-glitch-ermoeglicht-alles-40-jahre-altes-geheimnis-entdeckt-235194/

Drupal Sites Targeted in SQL Injection Attacks

Drupal sites are under attack as SQL injection exploits are now being detected in the wild, taking advantage of a vulnerability that can be triggered without authentication. This critical flaw, CVE-2026-9082, allows attackers to execute arbitrary SQL and potentially run remote code, putting sites that use PostgreSQL at risk.

https://osintsights.com/drupal-sites-targeted-in-sql-injection-attacks?utm_source=mastodon&utm_medium=social

#SqlInjection #Drupal #Cve20269082 #EmergingThreats #ArbitraryCodeExecution

Cisco Fixes Flaws Enabling Code Execution in Identity Services, Webex

Cisco has patched four critical vulnerabilities in its Identity Services and Webex Services, which could have allowed attackers to run arbitrary code and impersonate any user, posing a massive security risk. The fixes address flaws with CVSS scores as high as 9.8, safeguarding against devastating attacks.

https://osintsights.com/cisco-fixes-flaws-enabling-code-execution-in-identity-services-webex?utm_source=mastodon&utm_medium=social

#Cisco #IdentityServices #WebexServices #ArbitraryCodeExecution #Cve202620184

Arbitrary Code Execution via Scanner Bypass in `aws-diagram-mcp-server` `exec()` Namespace
This vulnerability involves arbitrary code execution due to a scanner bypass in the `aws-diagram-mcp-server` `exec()` namespace. The application fails to properly filter user-controlled input when constructing command-line arguments, allowing malicious input to execute arbitrary code. The researcher discovered this by injecting special characters (e.g., semi-colon ;) to execute multiple commands separated by semicolons. The vulnerability was caused by the lack of input sanitization in the `exec()` function, which resulted in the execution of user-supplied shell commands. This flaw allows an attacker to execute any command on the system with the same privileges as the application, potentially leading to full system compromise. The researcher received $2,000 for this vulnerability. To prevent similar issues, it is crucial to properly sanitize user inputs and limit the scope of command execution. Key lesson: Always sanitize user inputs to prevent arbitrary code execution. #BugBounty #Cybersecurity #WebSecurity #ArbitraryCodeExecution #InputSanitization

https://hackerone.com/reports/3557138

Critical n8n flaw could enable arbitrary code execution
https://securityaffairs.com/186036/hacking/critical-n8n-flaw-could-enable-arbitrary-code-execution.html

#Infosec #Security #Cybersecurity #CeptBiro #n8n #ArbitraryCodeExecution

"A security vulnerability was identified that affects games and applications built on Unity versions 2017.1 and later for Android, Windows, Linux, and macOS operating systems. "

"We strongly recommend you download the patched update for your version of the Unity Editor, recompile, and republish your application."

Well, good luck with that.

https://discussions.unity.com/t/unity-platform-protection-take-immediate-action-to-protect-your-games-and-apps/1688031

https://unity.com/security/sept-2025-01/remediation

#Unity #Security #UnityEditor #ACE #ArbitraryCodeExecution

NVIDIA Container Toolkit Vulnerability Allows Elevated Arbitrary Code Execution
https://cybersecuritynews.com/nvidia-container-toolkit-vulnerability-2/

#Infosec #Security #Cybersecurity #CeptBiro #NVIDIAContainerToolkit #Vulnerability #Elevated #ArbitraryCodeExecution

Insomnia API Client Vulnerability Enables Arbitrary Code Execution via Template Injection
https://gbhackers.com/insomnia-api-client-vulnerability/

#Infosec #Security #Cybersecurity #CeptBiro #Insomnia #APIClient #Vulnerability #ArbitraryCodeExecution #TemplateInjection