The Hacker News

Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution

Critical CVE-2026-2329 flaw in Grandstream GXP1600 VoIP phones enables unauthenticated RCE, call interception, and credential theft.
The Hacker News

Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution

Fortinet fixes critical FortiClientEMS SQL injection flaw (CVSS 9.1) enabling code execution; separate SSO bug actively exploited.
Technobezz on MSN

A zero-click flaw in Claude Desktop Extensions exposes over 10,000 users to remote code execution

A critical zero-click flaw in Claude Desktop Extensions allows remote code execution via calendar invites, risking over ...
CSOonline

Gladinet servers file-sharing servers allow remote code execution

Enterprises relying on Gladinet’s file-sharing services are faced with another round of zero-day patching, this time to block attackers from abusing cryptographic keys directly baked into its ...
Security Boulevard

Update Chrome now: Zero-day bug allows code execution via malicious webpages

Google has released an emergency update to patch an actively exploited zero-day—the first Chrome zero-day of the year.

arbitrary code execution

Google released a Chrome security update fixing two high-severity flaws that could enable code execution or crashes via malicious websites.