Critical UniFi OS bug lets hackers gain root without authentication

Attackers can chain three already fixed vulnerabilities in the Ubiquiti UniFi OS server to execute remote code with root ...
The Hacker News

LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE

CISA added CVE-2026-42271, a high-severity LiteLLM command injection flaw, to its KEV catalog after evidence of active ...
Bleeping Computer

New Mirai botnet infect TBK DVR devices via command injection flaw

A new variant of the Mirai malware botnet is exploiting a command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices to hijack them. The flaw, tracked under ...

Unifi Server Flaws Expose Root Takeover Risk Arabian Post

Unifi Server Flaws Expose Root Takeover Risk Arabian Post. clearfix> Ubiquiti has patched a chain of critical UniFi OS Server vulnerabilities that could allow an unauthenticated attacker with network ...
Infosecurity-magazine.com

Attackers Exploit DVR Command Injection Flaw to Deploy Mirai-Based Botnet

A newly identified malware campaign has been observed exploiting a command injection flaw in digital video recorder (DVR) devices to deploy a Mirai-based botnet, according to analysis by FortiGuard ...

Critical command injection vulnerability discovered in Universal Robots PolyScope 5

Universal Robots urges users to update PolyScope software following critical vulnerability ...
Hosted on MSN

Microsoft’s new AI Notepad just opened a terrifyingly easy hacker loophole

A command injection flaw in the Windows Notepad App now gives remote attackers a path to execute code over a network, turning one of the most familiar programs on any PC into a potential entry point ...
CSOonline

Chaos-Mesh flaws put Kubernetes clusters at risk of full takeover

Four newly discovered vulnerabilities in the fault simulation platform can lead to OS command injection and cluster takeover, even from unprivileged pods. Researchers have found critical ...