Call of Duty: WW2 Players Reporting RCE Exploits on PC
Be careful if you want to play Call of Duty: WW2 through Game Pass on PC – some users have been reporting falling victim to RCE (Remote Command Execution) hacks. The earliest reports of this surfaced just a few hours ago, with players taking to social media to share some concerning stories, while others stressed this has been a problem ‘for years’ in COD WW2.
On June 16, GreyNoise observed exploit attempts targeting CVE-2023-28771 — a remote code execution vulnerability affecting Zyxel Internet Key Exchange (IKE) packet decoders over UDP port 500. CVE: CVE-2023-28771 Exploit method: UDP port 500 (IKE packet decoder) Date observed: June 16, 2025 Duration of activity: One day (June 16, 2025) Unique IPs: 244 Top destination countries: U.S., U.K., Spain, Germany, India. IP classification: All malicious per GreyNoise Infrastructure: Verizon Business (all IPs geolocated to U.S.) Spoofable traffic: Yes (UDP-based) Observed Activity Exploitation attempts against CVE-2023-28771 were minimal throughout recent weeks. On June 16, GreyNoise observed a concentrated burst of exploit attempts within a short time window, with 244 unique IPs observed attempting exploitation. The top destination countries were the U.S., U.K., Spain, Germany, and India. Historical analysis indicates that in the two weeks preceding June 16, these IPs were not observed engaging in any other scanning or exploit behavior — only targeting CVE-2023-28771.
Hacker selling critical Roundcube webmail exploit as tech info disclosed
Hackers are actively exploiting CVE-2025-49113, a critical vulnerability in the widely used Roundcube open-source webmail application that allows remote execution. The security issue has been present in Roundcube for over a decade and impacts versions of Roundcube webmail 1.1.0 through 1.6.10. It received a patch on June 1st. It took attackers just a couple of days to reverse engineer the fix, weaponize the vulnerability, and start selling a working exploit on at least one hacker forum. Roundcube is one of the most popular webmail solutions as the product is included in offers from well-known hosting providers such as GoDaddy, Hostinger, Dreamhost, or OVH. "Email armageddon" CVE-2025-49113 is a post-authentication remote code execution (RCE) vulnerability that received a critical severity score of 9.9 out of 10 and is described as “email armageddon.” It was discovered and reported by Kirill Firsov, the CEO of the cybersecurity company FearsOff, who decided to publish the technical details before the end of the responsible disclosure period because an exploit had become available.
Cisco warns of ISE and CCP flaws with public exploit code
Cisco has released patches to address three vulnerabilities with public exploit code in its Identity Services Engine (ISE) and Customer Collaboration Platform (CCP) solutions. The most severe of the three is a critical static credential vulnerability tracked as CVE-2025-20286, found by GMO Cybersecurity's Kentaro Kawane in Cisco ISE. This identity-based policy enforcement software provides endpoint access control and network device administration in enterprise environments. The vulnerability is due to improperly generated credentials when deploying Cisco ISE on cloud platforms, resulting in shared credentials across different deployments. Unauthenticated attackers can exploit it by extracting user credentials from Cisco ISE cloud deployments and using them to access installations in other cloud environments. However, as Cisco explained, threat actors can exploit this flaw successfully only if the Primary Administration node is deployed in the cloud. "A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems," the company explained.
[CVE-2025-37752] Two Bytes Of Madness: Pwning The Linux Kernel With A 0x0000 Written 262636 Bytes Out-Of-Bounds
CVE-2025-37752 is an Array-Out-Of-Bounds vulnerability in the Linux network packet scheduler, specifically in the SFQ queuing discipline. An invalid SFQ limit and a series of interactions between SFQ and the TBF Qdisc can lead to a 0x0000 being written approximately 256KB out of bounds at a misaligned offset. If properly exploited, this can enable privilege escalation. Spray sfq_slots in kmalloc-64 to prevent an immediate kernel crash when the bug is triggered. Prevent a type-confused skb from being dequeued by reconfiguring the TBF Qdisc. Drop TBF rate and add packet overhead before the OOB write occurs. Use the 0x0000 written 262636 bytes OOB to corrupt the pipe->files field of a named pipe, free the pipe, cause page-level UAF and get arbitrary R/W in that page. Reclaim the freed page with signalfd files and use the page-level R/W primitive to swap file->private_data with file->f_cred. * Get root by overwriting the process credentials with zeros via signalfd4().bounds at a misaligned offset. If properly exploited, this can enable privilege escalation.
Fortinet diligently balances our commitment to the security of our customers and our culture of responsible transparency and commits to sharing information with that goal in mind. While efforts by threat actors to exploit known vulnerabilities are not new, recent Fortinet investigations have discovered a post exploitation technique used by a threat actor. This blog offers analysis of that finding to help our customers make informed decisions.
Next.js and the corrupt middleware: the authorizing artifact
Recently, Yasser Allam, known by the pseudonym inzo_, and I, decided to team up for some research. We discussed potential targets and chose to begin by focusing on Next.js (130K stars on github, currently downloaded + 9,4 million times per week), a framework I know quite well and with which I already have fond memories, as evidenced by my previous work. Therefore, the “we” throughout this paper will naturally refer to the two of us. Next.js is a comprehensive javascript framework based on React, packed with numerous features — the perfect playground for diving into the intricacies of research. We set out, fueled by faith, curiosity, and resilience, to explore its lesser-known aspects, hunting for hidden treasures waiting to be found. It didn’t take long before we uncovered a great discovery in the middleware. The impact is considerable, with all versions affected, and no preconditions for exploitability — as we’ll demonstrate shortly.
![[CVE-2025-37752] Two Bytes Of Madness: Pwning The Linux Kernel With A 0x0000 Written 262636 Bytes Out-Of-Bounds](https://rdl.ink/render/https%3A%2F%2Fsyst3mfailure.io%2Ftwo-bytes-of-madness%2Fassets%2Fimages%2Ftitle.png?width=92&height=&ar=&mode=&format=avif&dpr=2)
