Alerts

Critical Apache bRPC Vulnerability Allows Remote Command Injection (CVE-2025-60021)

Zero Day Wire

19 Jan 2026 — 1 min read

A critical remote command injection vulnerability has been discovered in Apache bRPC, with over 4,000 exposed instances identified online.

Vulnerability Details

CVE ID	CVSS Score	Type	Affected Versions
CVE-2025-60021	9.8 (Critical)	Remote Command Injection	All versions prior to 1.15.0

The flaw exists in the heap profiler's extra_options parameter. Attackers can exploit the /pprof/heap service to execute arbitrary commands on vulnerable systems without authentication.

Exposure

ZoomEye scans indicate approximately 4,000+ internet-facing bRPC instances, creating significant attack surface for exploitation.

Remediation

Organizations running Apache bRPC should upgrade to version 1.15.0 or later immediately.

As a temporary mitigation, restrict access to the /pprof/heap endpoint and ensure bRPC services are not exposed to the internet.

Google Attributes Axios npm Supply Chain Attack to North Korean UNC1069, Links Backdoor to WAVESHAPER Evolution

Google has formally attributed the Axios npm supply chain attack to UNC1069, a North Korean threat cluster tracked by Mandiant and Google's Threat Intelligence Group since 2018. The attribution, confirmed by GTIG chief analyst John Hultquist, links the compromise of the JavaScript ecosystem's most popular HTTP

CISA Orders Emergency Patch for Actively Exploited Citrix NetScaler Flaw Resembling CitrixBleed (CVE-2026-3055)

CISA has issued an emergency patching directive for a critical Citrix NetScaler vulnerability that is already being exploited in the wild to hijack administrator sessions on exposed appliances. The agency added CVE-2026-3055 to its Known Exploited Vulnerabilities catalog on Monday and ordered all Federal Civilian Executive Branch agencies to secure

Axios Supply Chain Attack Delivers Cross-Platform RAT to Millions After npm Maintainer Account Hijacked

A coordinated supply chain attack targeting the Axios npm package has delivered a cross-platform remote access trojan to developer workstations and CI/CD environments worldwide, after an attacker hijacked the lead maintainer's npm credentials and published two backdoored releases to the official registry. The attack, executed in the

RedLine Infostealer Administrator Extradited to US, Faces Up to 20 Years for Running MaaS Infrastructure

Armenian national Hambardzum Minasyan has been extradited to the United States for his alleged role in maintaining RedLine's command-and-control infrastructure, managing affiliate payments, and distributing the infostealer — one of the most prolific credential-stealing operations since 2020.

Read more

Google Attributes Axios npm Supply Chain Attack to North Korean UNC1069, Links Backdoor to WAVESHAPER Evolution

CISA Orders Emergency Patch for Actively Exploited Citrix NetScaler Flaw Resembling CitrixBleed (CVE-2026-3055)

Axios Supply Chain Attack Delivers Cross-Platform RAT to Millions After npm Maintainer Account Hijacked

RedLine Infostealer Administrator Extradited to US, Faces Up to 20 Years for Running MaaS Infrastructure