Sixty vulnerabilities were patched in the latest version of file transfer utility Rsync, including two allowing malicious code execution on servers. Clients only need anonymous read-access for exploitation. Hackers could also control a server to read/write files from any connected client, potentially extracting sensitive data. All issues affect Rsync versions prior to v3.4.0. Users are urged to implement the fixes, and updated Rsync packages have been released for Ubuntu and Debian.

Mandiant warns of attacks on newly-disclosed Ivanti remote takeover threat
Google’s Mandiant team has issued an alert about a remote code execution flaw in the Ivanti Connect Secure VPN platform. The vulnerability, designated CVE-2025-22457, is