NGINX Flaw CVE-2026-42945 Actively Exploited, Threatens Worker Crashes and RCE

A newly discovered NGINX flaw, CVE-2026-42945, is being actively exploited, posing a significant threat of worker crashes and remote code execution (RCE) through specially crafted HTTP requests. This high-severity vulnerability, with a CVSS score of 9.2, has been lurking in NGINX versions since 2008,…

https://osintsights.com/nginx-flaw-cve-2026-42945-actively-exploited-threatens-worker-crashes-and-rce?utm_source=mastodon&utm_medium=social

#Nginx #Cve202642945 #RemoteCodeExecution #HeapBufferOverflow #VulnerabilityExploitation

OSINTSights

⚠️ REMOTE CODE EXECUTION THREAT: Unpatched DHTMLX Products Exposed to Critical Vulnerability, Server Compromise Imminent

#CybersecurityVulnerability #DHTMLX #GanttSchedulerVulnerability #PDFExportModule #RemoteCodeExecution #cve #cybersecurity #iso27001

NGINX Flaw Enables Unauthenticated Remote Code Execution

A critical 18-year-old vulnerability, known as NGINX Rift, has been discovered in NGINX Plus and NGINX Open Source, allowing unauthenticated attackers to remotely execute code with a single crafted HTTP request. This high-severity flaw, rated 9.2 on the CVSS v4 scale, poses a significant threat to vulnerable servers.

https://osintsights.com/nginx-flaw-enables-unauthenticated-remote-code-execution?utm_source=mastodon&utm_medium=social

#Nginx #RemoteCodeExecution #Cve202642945 #UnauthenticatedAttacks #HeapBufferOverflow


Exim Flaw Exposes Servers to Remote Code Execution

A critical flaw in Exim, tracked as CVE-2026-45185, leaves servers vulnerable to remote code execution if they're running specific builds, but thankfully, a remediation was published in Exim version 4.99.3. This vulnerability is triggered during TLS shutdown while handling certain SMTP traffic, allowing attackers to exploit it.

https://osintsights.com/exim-flaw-exposes-servers-to-remote-code-execution?utm_source=mastodon&utm_medium=social

#RemoteCodeExecution #Exim #Cve202645185 #GnuTransportLayerSecurity #Starttls


Microsoft Patch Tuesday Disrupts 120 Vulnerabilities with AI-Driven Insights

Microsoft's May Patch Tuesday update tackles a whopping 120 vulnerabilities, including 17 critical flaws that could leave your systems exposed to remote code execution, elevation of privilege, and information disclosure attacks. Prioritize patching now to safeguard your domain controllers and prevent…

https://osintsights.com/microsoft-patch-tuesday-disrupts-120-vulnerabilities-with-ai-driven-insights?utm_source=mastodon&utm_medium=social

#PatchTuesday #Microsoft #Cve202641089 #RemoteCodeExecution #ElevationOfPrivilege


Fortinet Disrupts Critical RCE Flaws in FortiSandbox, FortiAuthenticator

Fortinet has patched a critical remote code execution vulnerability in its FortiAuthenticator and FortiSandbox products, which could have allowed unauthenticated attackers to run unauthorized code or commands. The company has released fixed builds to address the flaw, tracked as CVE-2026-44277, and…

https://osintsights.com/fortinet-disrupts-critical-rce-flaws-in-fortisandbox-fortiauthenticator?utm_source=mastodon&utm_medium=social

#RemoteCodeExecution #Fortiauthenticator #Cve202644277 #Fortinet #IdentityAndAccessManagement


Honeypot reveals botnet exploiting scriptText to launch DDoS attacks on game servers

Analysts observed attackers exploiting a Jenkins honeypot to deploy a new DDoS botnet targeting video game servers. Leveraging Jenkins scriptText abuse, the threat actors achieved remote code execution by sending malicious Groovy scripts to intentionally misconfigured instances with weak passwords. The multi-platform payload targets both Windows and Linux systems, deploying malware that evades detection through process renaming and daemonization. The botnet supports multiple attack vectors including UDP floods, TCP attacks, HTTP requests, and game-specific techniques targeting Valve Source Engine servers. Infrastructure hosted in Vietnam serves dual purposes for payload distribution and command-and-control communications. The campaign demonstrates continued opportunistic exploitation of internet-facing services, with gaming industry servers being primary targets for distributed denial-of-service attacks.

Pulse ID: 6a0199674dd4cf450633dd32
Pulse Link: https://otx.alienvault.com/pulse/6a0199674dd4cf450633dd32
Pulse Author: AlienVault
Created: 2026-05-11 08:55:03

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #DDoS #DoS #HTTP #HoneyPot #InfoSec #Linux #Malware #OTX #OpenThreatExchange #Password #Passwords #RAT #RCE #RemoteCodeExecution #TCP #UDP #Vietnam #Windows #Word #bot #botnet #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution

Pulse ID: 6a01600647e7bc7fee6485d3
Pulse Link: https://otx.alienvault.com/pulse/6a01600647e7bc7fee6485d3
Pulse Author: Tr1sa111
Created: 2026-05-11 04:50:14

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #OTX #OpenThreatExchange #RemoteCodeExecution #ZeroDay #bot #Tr1sa111


xrdp Vulnerability Exposes Remote Code Execution Risk

A critical vulnerability, CVE-2025-68670, was discovered in the xrdp remote desktop server, allowing for remote code execution - a flaw that was thankfully patched in January 2026. This security risk was found during a routine audit, highlighting the importance of regular security checks to protect against potential threats.

https://osintsights.com/xrdp-vulnerability-exposes-remote-code-execution-risk?utm_source=mastodon&utm_medium=social

#RemoteCodeExecution #Xrdp #Cve202568670 #Rdp #VulnerabilityManagement


Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution

A buffer overflow vulnerability in the User-ID Authentication Portal of PAN-OS software allows unauthenticated attackers to execute arbitrary code with root privileges on PA-Series and VM-Series firewalls. Limited exploitation has been observed starting April 9, 2026, by a likely state-sponsored threat cluster. Attackers successfully achieved remote code execution by injecting shellcode into nginx worker processes. Post-exploitation activities included deployment of EarthWorm and ReverseSocks5 tunneling tools, Active Directory enumeration using compromised firewall credentials, and systematic log destruction to evade detection. The attackers demonstrated operational discipline with intermittent interactive sessions over multiple weeks, using open-source tools instead of proprietary malware to minimize detection. The vulnerability poses elevated risk when the portal is exposed to untrusted networks or the public internet.

Pulse ID: 69fc45baaffc99649cda5385
Pulse Link: https://otx.alienvault.com/pulse/69fc45baaffc99649cda5385
Pulse Author: AlienVault
Created: 2026-05-07 07:56:42

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #Malware #Nginx #Nim #OTX #OpenThreatExchange #RAT #RCE #RemoteCodeExecution #Rust #ShellCode #Vulnerability #Worm #ZeroDay #bot #socks5 #AlienVault
