The Hacker News

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an ...
Bleeping Computer

Veeam warns of critical flaws exposing backup servers to RCE attacks

Data protection company Veeam Software has patched multiple flaws in its Backup & Replication solution, including four critical remote code execution (RCE) vulnerabilities. VBR is enterprise data ...
Bleeping Computer

New Veeam vulnerabilities expose backup servers to RCE attacks

Veeam released security updates to patch multiple security flaws in its Backup & Replication software, including a critical remote code execution (RCE) vulnerability. Tracked as CVE-2025-59470, this ...
CSOonline

Critical RCE flaw in Anthropic’s MCP inspector exposes developer machines to remote attacks

A misconfigured default in the MCP inspector tool allows attackers to execute arbitrary commands via CSRF and legacy browser flaws, posing serious risks to AI developers and enterprise systems. A ...
Neowin

Microsoft shares Windows Server KB5070881 KB5070879 KB5070884 OOB updates for CVE-2025-592870 0

Microsoft earlier today released emergency patches for a remote code execution security vulnerability on all supported Windows Server versions. Remote Code execution (RCE) attacks are a fairly ...
TechRepublic

Patch SharePoint Now: Microsoft Servers at Risk of New ToolShell RCE Attack

If exploited, attackers can gain full access to SharePoint content and potentially pivot to Outlook, Teams, and OneDrive. Learn how to protect your SharePoint server from compromise. A critical remote ...
Dark Reading

Fortinet Addresses Unpatched Critical RCE Vector

Fortinet has finally patched a critical security vulnerability in its Wireless LAN Manager (FortiWLM) that could allow unauthenticated sensitive information disclosure. And, when chained with another ...
Infosecurity-magazine.com

Pyodide Sandbox Escape Enables Remote Code Execution in Grist-Core

A critical sandbox escape vulnerability in Grist-Core has been disclosed that allows remote code execution (RCE) through a single malicious spreadsheet formula. The issue was uncovered by Cyera ...
Hosted on MSN

Notepad's new Markdown powers served with a side of remote code execution

Just months after Microsoft added Markdown support to Notepad, researchers have found the feature can be abused to achieve remote code execution (RCE).… Tracked as CVE-2026-20841 (8.8), the ...
Infosecurity-magazine.com

Chained Flaws in Enterprise CMS Provider Sitecore Could Allow Remote Code Execution

Vulnerability research firm WatchTowr has detected seven vulnerabilities in Sitecore, a popular content management system (CMS) provider used by HSBC, United Airlines, P&G and L’Oréal. In its first ...
Dark Reading

Windows Zero-Day Bug Exploited for Browser-Led RCE

A Microsoft scripting engine vulnerability has been exploited as a zero-day in the wild, leading to unauthenticated attackers achieving remote code execution (RCE). Microsoft hasn’t released any ...
CSOonline

5-month-old F5 BIG-IP DoS bug becomes critical RCE exploited in the wild

Reclassified as a remote code execution flaw, the F5 BIG-IP APM vulnerability has been upgraded to CVSS 9.8, requiring immediate patching and compromise assessment. A vulnerability misclassified five ...