A PNG Image With an Embedded Gift
Xavier shows how Python code attached to a PNG image can be used to implement a command and control channel or a complete remote admin kit.
https://isc.sans.edu/diary/A+PNG+Image+With+an+Embedded+Gift/31998)
Cisco IOS XE WLC Arbitrary File Upload Vulnerability (CVE-2025-20188) Analysis
Horizon3 analyzed a recently patched flaw in Cisco Wireless Controllers. This arbitrary file upload flaw can easily be used to execute arbitrary code.
https://horizon3.ai/attack-research/attack-blogs/cisco-ios-xe-wlc-arbitrary-file-upload-vulnerability-cve-2025-20188-analysis/)
Don't Call That "Protected" Method: Dissecting an N-Day vBulletin RCE
A change in PHP 8.1 can expose methods previously expected to be safe . vBulletin fixed a related flaw about a year ago without explicitly highlighting the security impact of the fix. A blog post now exposed the flaw and provided exploit examples. We have seen exploit attempts against honeypots starting May 25th, two days after the blog was published.
https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce)
