Dark Reading

Netwrix Auditor Bug Could Lead to Active Directory Domain Compromise

Editor's note: Update at bottom of story. Netwrix IT asset tracker and compliance auditor, used across more than 11,500 organizations, contains a critical Insecure Object Deserialization vulnerability ...
Bleeping Computer

Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.
SecurityWeek

Gladinet CentreStack Flaw Exploited to Hack Organizations

Threat actors have exploited a vulnerability in Gladinet CentreStack to retrieve cryptographic keys and compromise nine ...