News

The Hacker News

CISA Warns of Two Malware Strains Exploiting Ivanti EPMM CVE-2025-4427 and CVE-2025-4428

CISA details attackers exploiting Ivanti EPMM zero-days CVE-2025-4427/4428 in May 2025, enabling persistent remote code ...
WeLiveSecurity

Analysis of two arbitrary code execution vulnerabilities affecting WPS Office

ESET researchers discovered a code execution vulnerability in WPS Office for Windows (CVE⁠-⁠2024⁠-⁠7262), as it was being exploited by APT-C-60, a South Korea-aligned cyberespionage group. Upon ...
Bleeping Computer

R language flaw allows code execution via RDS/RDX files

A new vulnerability has been discovered in the R programming language that allows arbitrary code execution upon deserializing specially crafted RDS and RDX files. R is an open-source programming ...
Bleeping Computer

Facebook discloses FreeType 2 flaw exploited in attacks

Facebook is warning that a FreeType vulnerability in all versions up to 2.13 can lead to arbitrary code execution, with reports that the flaw has been exploited in attacks. FreeType is a popular ...
The Hacker News

SAP Patches Critical NetWeaver (CVSS Up to 10.0) and High-Severity S/4HANA Flaws

SAP patches critical NetWeaver and S/4HANA flaws (CVSS 8.1–10.0), preventing code execution, file upload, and data loss.