SecurityWeek

RondoDox Botnet Exploiting React2Shell Vulnerability

December 2025, the RondoDox botnet operators have been targeting Next.js servers impacted by the React2Shell vulnerability.

This SmarterMail vulnerability allows remote code execution - here's what we know

Business-grade email server software SmarterMail just patched a maximum-severity vulnerability that allowed threat actors to engage in remote code execution (RCE) attacks.
The Hacker News

Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution

Fortinet patches a critical FortiSIEM vulnerability (CVE-2025-64155) that allows unauthenticated remote code execution via ...
PC World

OpenVPN servers can be vulnerable to Shellshock Bash vulnerability

Virtual private network servers based on OpenVPN might be vulnerable to remote code execution attacks through Shellshock and other recent flaws that affect the Bash Unix shell. The OpenVPN attack ...
SecurityWeek

Hackers Exploit Zero-Day in Discontinued D-Link Devices

Threat actors are exploiting CVE-2026-0625, a critical zero-day vulnerability in discontinued D-Link devices for remote code ...
HHS

Attackers Exploit Shellshock Bug

The recently discovered Shellshock - or Bash - vulnerability is being actively targeted by malware gangs, who appear to have already claimed more than 700 victims. See Also: Averting the Breach: 5 ...
Bleeping Computer

KDE Vulnerability Fixed By Removing Shell Command Support

A code execution vulnerability in the KDE desktop manager has been resolved by removing support for shell commands in the KConfig configuration system. Earlier this week, BleepingComputer reported on ...