Be careful if you want to play Call of Duty: WW2 through Game Pass on PC – some users have been reporting falling victim to RCE (Remote Command Execution) hacks. The earliest reports of this surfaced just a few hours ago, with players taking to social media to share some concerning stories, while others stressed this has been a problem ‘for years’ in COD WW2.

Hackers are actively exploiting CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution.
The security issue has been present in Roundcube for over a decade and impacts versions of Roundcube webmail 1.1.0 through 1.6.10. It received a patch on June 1st.

It took attackers just a couple of days to reverse engineer the fix, weaponize the vulnerability, and start selling a working exploit on at least one hacker forum.

Roundcube is one of the most popular webmail solutions as the product is included in offers from well-known hosting providers such as GoDaddy, Hostinger, Dreamhost, or OVH.
"Email armageddon"

CVE-2025-49113 is a post-authentication remote code execution (RCE) vulnerability that received a critical severity score of 9.9 out of 10 and is described as “email armageddon.”

It was discovered and reported by Kirill Firsov, the CEO of the cybersecurity company FearsOff, who decided to publish the technical details before the end of the responsible disclosure period because an exploit had become available.

On May 13, 2025, FortiGuard Labs published an advisory detailing CVE-2025-32756, which affects a variety of Fortinet products:

FortiCamera
FortiMail
FortiNDR
FortiRecorder
FortiVoice
In their advisory, FortiGuard Labs states that Fortinet has observed this issue being exploited in the wild. The next day, May 14, the vulnerability was added to the CISA KEV catalog.

The vulnerability is described in the advisory as a stack-based buffer overflow in the administrative API that can lead to unauthenticated remote code execution. Given that it’s being exploited in the wild, we figured we’d take a closer look. If you’d rather run the test instead of reading this write-up, coverage is already available in NodeZero.

Critical vulnerabilities in Versa Concerto that are still unpatched could allow remote attackers to bypass authentication and execute arbitrary code on affected systems.
Three security issues, two of them critical, were publicly disclosed by researchers at the vulnerability management firm ProjectDiscovery after reporting them to the vendor and receiving no confirmation of the bugs being addressed.

Versa Concerto is the centralized management and orchestration platform for Versa Networks' SD-WAN and SASE (Secure Access Service Edge) solutions.
Three security issues, two of them critical, were publicly disclosed by researchers at the vulnerability management firm ProjectDiscovery after reporting them to the vendor and receiving no confirmation of the bugs being addressed.

Versa Concerto is the centralized management and orchestration platform for Versa Networks' SD-WAN and SASE (Secure Access Service Edge) solutions.

Keeping your ears to the ground and eyes wide open for the latest vulnerability news at watchTowr is a given. Despite rummaging through enterprise code looking for 0days on a daily basis, our interest was piqued this week when news of fresh vulnerabilities was announced in a close friend -

Keeping your ears to the ground and eyes wide open for the latest vulnerability news at watchTowr is a given. Despite rummaging through enterprise code looking for 0days on a daily basis, our interest was piqued this week when news of fresh vulnerabilities was announced in a close friend - Ivanti, and their Endpoint Manager Mobile (Ivanti EPMM) solution.

For those out of the loop, don’t worry - as always, we’re here to fill you in.

Ivanti Endpoint Manager Mobile (EPMM) is an MDM solution for system administrators to install and manage devices within an organization. It hopes to prevent you from installing malware or enjoying your life by watching YouTube during any permitted and sanctioned downtime.

Why Is This Important?
Well, short of their intended functionality, MDM solutions are, in a sense, C2 frameworks for enterprises… allowing system administrators to manage software on their devices.

Picture this: You’ve compromised the MDM solution at one of the largest banks and are able to deploy malicious software at scale to employee devices.

And it's Friday!

In April 2024, I discovered a high-severity vulnerability in Visual Studio Code (VS Code <= 1.89.1) that allows attackers to escalate a Cross-Site Scripting (XSS) bug into full Remote Code Execution (RCE)—even in Restricted Mode.

The desktop version of Visual Studio Code runs on Electron. Renderer processes are sandboxed and communicate with the main process through Electron’s IPC mechanism.

An XSS vulnerability in the newly-introduced minimal error rendering mode for Jupyter notebooks enables arbitrary JavaScript code to be executed within the vscode-app WebView for the notebook renderer. The vulnerability can be triggered by opening a crafted .ipynb file if the user has the setting enabled, or by opening a folder containing a crafted settings.json file in VS Code and opening a malicious ipynb file within the folder. This vulnerability can be triggered even when Restricted Mode is enabled (which is the default for workspaces that have not been explicitly trusted by the user).

In this post, we’ll walk through how the bug works and how it bypasses VS Code’s Restricted Mode.

SAP has released out-of-band emergency NetWeaver updates to fix a suspected remote code execution (RCE) zero-day flaw actively exploited to hijack servers.

Cisco has released security updates for a high-severity Webex vulnerability that allows unauthenticated attackers to gain client-side remote code execution using malicious meeting invite links.

On April 3, 2025, Ivanti published an advisory for CVE-2025-22457, an unauthenticated remote code execution vulnerability due to a stack based buffer overflow.…

As large language models (LLMs) become more advanced and are granted additional capabilities by developers, security risks increase dramatically. Manipulated LLMs are no longer just a risk of...

We share actionable mitigation and detection strategies against IngressNightmare so you can protect against possible exploitation in runtime.

On December 16, 2024, BeyondTrust published both an advisory and patches for CVE-2024-12356, a critical unauthenticated remote code execution (RCE) vulnerabili…

Cisco has fixed two critical Identity Services Engine (ISE) vulnerabilities that can let attackers with read-only admin privileges bypass authorization and run commands as root.

On November 25, 2024, a third party, from SECURE NETWORK BVTECH, reported the D-Link DSL-3788 hardware revision B2 with firmware version vDSL-3788_fw_revA1_1.01R1B036_EU_EN or below, of a Unauthenticated Remote Code Execution (RCE) vulnerability.

When D-Link became aware of the reported security issues, we promptly started investigating and developing security patches. Patches were release within the 90-day of the report of the vulnerabilities.

In December 2024, two Windows Lightweight Directory Access Protocol (LDAP) vulnerabilities were identified by independent security researcher Yuki Chen: CVE-2024-49112, a remote code execution (RCE) flaw with a 9.8 CVSS score, and CVE-2024-49113, a denial-of-service (DoS) flaw with a 7.5 CVSS score.

​Veeam released security updates today to address two Service Provider Console (VSPC) vulnerabilities, including a critical remote code execution (RCE) discovered during internal testing.

VSPC, described by the company as a remote-managed BaaS (Backend as a Service) and DRaaS (Disaster Recovery as a Service) platform, is used by service providers to monitor the health and security of customer backups, as well as manage their Veeam-protected virtual, Microsoft 365, and public cloud workloads.

A vulnerability categorized as “critical” in a photo app installed by default on Synology network-attached storage devices could give attackers the ability to steal data and worse.

Multiple Xerox printers (EC80xx, AltaLink, VersaLink, WorkCentre) were affected by an authenticated remote code execution vulnerability which allowed an attacker with administrative web credentials to fully compromise the devices with root privileges on the operating system.

Hello friends, this is the first of two, possibly three (if and when I have time to finish the Windows research) writeups. We will start with targeting GNU/Linux systems with an RCE. As someone who’s

VMware warned that an attacker with network access could send a specially crafted packet to execute remote code. CVSS severity score 9.8/10.