Bleeping Computer

Latest Command Injection news

Zyxel has released security updates to address a critical vulnerability impacting multiple models of its business routers, potentially allowing unauthenticated attackers to perform OS command ...
Infosecurity-magazine.com

CISA Urges Software Makers to Eliminate OS Command Injection Vulnerabilities

The US government has urged software manufacturers to work towards the elimination of operating system (OS) command injection vulnerabilities. The alert from the Cybersecurity and Infrastructure ...
Bleeping Computer

CISA urges devs to weed out OS command injection vulnerabilities

CISA and the FBI urged software companies on Wednesday to review their products and eliminate path OS command injection vulnerabilities before shipping. Velvet Ant, the Chinese state-sponsored threat ...

BeyondTrust RCE flaw lets hackers run code without logging in

A 9.9/10 bug was found in multiple BeyondTrust products, but a patch is already available.
Threat Post

D-Link Routers at Risk for Remote Takeover from Zero-Day Flaws

Critical vulnerabilities discovered by Digital Defense can allow attackers to gain root access and take over devices running same firmware. Buggy firmware opens a number of D-Link VPN router models to ...
Dark Reading

Zero-Day Flaw Found in Fortinet's FortiWeb WAF Technology

Researchers at Rapid7 today disclosed a critical zero-day vulnerability in Fortinet's FortiWeb Web application firewall (WAF) technology that attackers can exploit to gain complete control of affected ...