VulnHub

Hackers have been exploiting a serious vulnerability in the React Native CLI, identified as CVE-2025-11953, to execute remote commands and deploy stealthy Rust-based malware. This flaw arises from the React Native CLI's Metro server, which, by default, binds to external interfaces, making it susceptible to unauthorized access. This exploitation occurred weeks before the vulnerability was publicly disclosed, indicating that attackers are actively targeting this weakness. Users of React Native should be particularly vigilant, as the impact could extend to various applications built on this framework. Prompt action is necessary to secure affected systems and prevent further malicious activities.

A serious security vulnerability, identified as CVE-2025-11953 and nicknamed Metro4Shell, has been discovered in the Metro Development Server, which is part of the '@react-native-community/cli' npm package. This flaw, rated 9.8 on the CVSS scale, allows remote attackers to execute arbitrary code without authentication. Researchers from VulnCheck first detected active exploitation of this vulnerability on December 21, 2025. This poses a significant risk for developers and organizations using this package, as it could lead to unauthorized control over their systems. Users of the affected npm package need to take immediate action to protect their applications.

Ukraine's Computer Emergency Response Team (CERT) has reported that Russian hackers are taking advantage of a newly patched vulnerability in Microsoft Office, identified as CVE-2026-21509. This flaw affects multiple versions of the software, which could leave users open to various cyberattacks. The exploitation of this vulnerability is concerning, especially as Microsoft Office is widely used in both personal and professional settings. Users and organizations are urged to ensure that their systems are updated with the latest security patches to mitigate the risk of being targeted. The situation underscores the need for vigilance in maintaining software security, especially with ongoing geopolitical tensions.

Ivanti has reported two serious vulnerabilities in its Endpoint Manager Mobile (EPMM) software, identified as CVE-2026-1281 and CVE-2026-1340. These flaws allow remote code execution, meaning attackers could potentially take control of affected systems without needing physical access. The company warns that these vulnerabilities are currently being actively exploited, putting users at risk. Organizations using EPMM should prioritize applying the necessary security updates to safeguard their systems. Failure to address these vulnerabilities could lead to significant security breaches, affecting both the integrity of user data and the overall security posture of the organization.

Ivanti has revealed two serious vulnerabilities in its Endpoint Manager Mobile (EPMM) software, identified as CVE-2026-1281 and CVE-2026-1340. These vulnerabilities are currently being exploited in zero-day attacks, meaning attackers have already taken advantage of them before any fix was made available. Organizations using EPMM are at risk, as these flaws could allow unauthorized access to sensitive mobile device management functions. The situation is urgent, as the vulnerabilities are actively being exploited in the wild, which could lead to data breaches or unauthorized control over managed devices. Users and companies are advised to monitor for updates and take immediate action to secure their systems.

Fortinet has issued patches for a serious vulnerability in its FortiOS software, identified as CVE-2026-24858, which has been actively exploited by attackers. This flaw allows unauthorized users to bypass Single Sign-On (SSO) authentication, posing a significant risk to organizations using affected systems. The vulnerability has a high CVSS score of 9.4, indicating its severity. It impacts several products, including FortiOS, FortiManager, and FortiAnalyzer. Companies utilizing these systems should prioritize applying the available patches to protect against potential breaches.

Fortinet has addressed a significant vulnerability tracked as CVE-2026-24858, which could allow attackers to bypass authentication and gain unauthorized access to devices linked to other FortiCloud accounts. This flaw presents a serious risk, as it enables malicious actors to potentially control devices that should be secure. Users and organizations utilizing FortiCloud services are particularly affected, as their account security could be compromised. Fortinet's swift action to patch this vulnerability is crucial to prevent exploitation and protect users' sensitive data. Companies using Fortinet products should ensure they apply the latest updates to mitigate this risk effectively.

Microsoft has released a patch for a zero-day vulnerability in its Office software, identified as CVE-2026-21509. This flaw allows attackers to bypass certain security features, potentially putting users at risk. Reports suggest that the vulnerability may have already been exploited in targeted attacks against specific organizations. As a result, it's crucial for all users of Microsoft Office to apply this patch promptly to protect themselves from potential intrusions. The patch is part of Microsoft's ongoing efforts to enhance the security of its products and safeguard user data from malicious activities.

Microsoft has released emergency patches for a serious vulnerability in Microsoft Office, identified as CVE-2026-21509. This zero-day flaw has a CVSS score of 7.8, indicating it is a significant security risk. The vulnerability allows attackers to bypass security features by exploiting untrusted inputs, potentially leading to unauthorized access. Organizations using affected Microsoft Office products should prioritize applying these patches, as the vulnerability is currently being exploited in the wild. This situation emphasizes the need for users to stay vigilant and maintain their software up to date to protect against such threats.

A serious vulnerability has been discovered in Appsmith, an open-source low-code application platform, tracked as CVE-2026-22794. This flaw affects the authentication process, allowing attackers to hijack user accounts. Researchers have confirmed that this vulnerability is currently being exploited in the wild, raising significant concerns for organizations using the platform. Users of Appsmith should act quickly to secure their accounts and systems to prevent unauthorized access. As the exploitation of this vulnerability poses a real threat, it’s crucial for affected users to stay informed and take necessary precautions.

Researchers have discovered a critical vulnerability in the GNU InetUtils telnet daemon (telnetd), tracked as CVE-2026-24061, which has remained unnoticed for nearly 11 years. This flaw affects all versions from 1.9.3 to 2.7 and has a high severity score of 9.8, indicating a significant risk. If exploited, attackers could gain root access to affected systems, posing a serious threat to security. This vulnerability impacts a variety of systems that rely on GNU InetUtils, making it imperative for users and organizations to address this issue promptly. As this flaw has been present for so long, it raises concerns about the security practices in place for maintaining software.