10K Claude Desktop Users Exposed by Zero-Click Vulnerability

A zero-click flaw in Anthropic’s Claude Desktop Extensions allows attackers to trigger remote code execution via Google ...

BeyondTrust RCE flaw lets hackers run code without logging in

A 9.9/10 bug was found in multiple BeyondTrust products, but a patch is already available.
The Hacker News

SolarWinds Web Help Desk Exploited for RCE in Multi-Stage Attacks on Exposed Servers

Microsoft links SolarWinds WHD exploits to RCE, lateral movement, and domain compromise in multi-stage attacks.
The Hacker News

BeyondTrust Fixes Critical Pre-Auth RCE Vulnerability in Remote Support and PRA

BeyondTrust fixes CVSS 9.9 pre-auth RCE flaw (CVE-2026-1731) in Remote Support and PRA; 11,000 instances exposed.

Critical n8n flaws discovered - here's how to stay safe

In the second half of December 2025, n8n’s developers released CVE-2025-68613, a patch for a critical Remote Code Execution ...

Critical n8n flaws disclosed along with public exploits

Multiple critical vulnerabilities in the popular n8n open-source workflow automation platform allow escaping the confines of ...
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...
Network World

Holes in Veeam Backup suite allow remote code execution, creation of malicious backup config files

The vendor has issued a patch to close four holes in its flagship Backup & Replication suite; version 13 users are advised to audit their backup config files and closely monitor backup jobs. Veeam ...
SiliconANGLE

Cyata flags agentic AI supply-chain risk in Cursor remote code execution bug

A new report out today from artificial intelligence security startup Cyata Security Ltd. details a critical remote code execution vulnerability in Cursor Inc.’s integrated development environment that ...
Search Engine Land

Google explains JavaScript execution on non-200 HTTP status codes

Google made another change to the JavaScript SEO documentation help document to explain and clarify JavaScript execution on non-200 HTTP status codes. The change. Google wrote, “All pages with a 200 ...
Network World

HPE OneView vulnerable to remote code execution attack

An unauthenticated user can execute the attack, and there’s no mitigation, just a hotfix that should be applied immediately. A maximum severity remote code execution vulnerability in Hewlett Packard ...