California sues websites that publish blueprints for 3D printer ghost guns

Two websites that distribute instructions for how to manufacture ghost guns are facing a new lawsuit from the state of ...
Security Boulevard

Flaw in Anthropic Claude Extensions Can Lead to RCE in Google Calendar: LayerX

LayerX researchers uncover a flaw in Anthropic's Claude Desktop Extensions that could lead to a RCE vulnerability if ...
The Maravi Post

How the Presidency is Making Trump Richer

At the start of his second term, Kirkpatrick says, Trump was in an “even tighter” spot. But six months later, Trump’s financial situation had substantially improved. Kirkpatrick has done a full ...

WhatsApp users urged to change one setting after hacking bug

WhatsApp users are being urged to change their settings after hackers were able to access personal data. A flaw was ...

Watching Squid Game and listening to K-pop in North Korea could cost your life, Amnesty report reveals shocking details

Amnesty International reports that North Koreans risk public execution, imprisonment, or forced labour for consuming South ...
SecurityWeek

N8n Vulnerabilities Could Lead to Remote Code Execution

Two vulnerabilities in n8n’s sandbox mechanism could be exploited for remote code execution (RCE) on the host system.

Still using WinRAR? You should probably look out for these potentially dangerous security flaws

Iconic Windows archiving program WinRAR contains a high-severity vulnerability that allows threat actors to execute arbitrary ...
The Hacker News

ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services

ClickFix uses fake CAPTCHAs and a signed Microsoft App-V script to deploy Amatera stealer on enterprise Windows systems.
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...
CSOonline

HPE OneView vulnerable to remote code execution attack

An unauthenticated user can execute the attack, and there’s no mitigation, just a hotfix that should be applied immediately. A maximum severity remote code execution vulnerability in Hewlett Packard ...
Microsoft

Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components

CVE-2025-55182 (also referred to as React2Shell and includes CVE-2025-66478, which was merged into it) is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server ...