Command Line Injection Vulnerabilities in Java

900+ Sangoma FreePBX Instances Compromised in Ongoing Web Shell Attacks

Over 900 FreePBX systems remain infected after CVE-2025-64328 exploitation, now listed in CISA KEV amid active attacks.

900 Sangoma FreePBX Instances Infected With Web Shells

Hackers exploited CVE-2025-64328, a FreePBX command injection vulnerability, to infect hundreds of instances with web shells.

The Hacker News

CISA Confirms Active Exploitation of FileZen CVE-2026-25108 Vulnerability

CISA added FileZen CVE-2026-25108 (CVSS 8.7) to its KEV catalog after active exploitation, affecting versions 4.2.1–4.2.8 and ...

IEEE

Understanding Resource Injection Vulnerabilities in Kubernetes Ecosystems

Abstract: Cloud-native technologies have revolutionized application development, with Kubernetes emerging as the de facto standard platform for containerization and orchestration. Kubernetes manages ...

GitHub

Command Injection via Bash.run() LLM Tool Registration

The Bash class in MetaGPT is registered as an LLM-callable tool via @register_tool(include_functions=["run"]). This allows LLM agents to execute arbitrary bash commands without any meaningful security ...

Bleeping Computer

Ivanti warns of two EPMM flaws exploited in zero-day attacks

Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that were exploited in zero-day attacks. The flaws are ...

Some results have been hidden because they may be inaccessible to you

Show inaccessible results