The Hacker News

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

Claude Code flaws allow remote code execution and API key theft via untrusted repositories; three bugs fixed across 2025–2026 ...

Cisco warns of max severity Secure FMC flaws giving root access

Cisco has released security updates to patch two maximum-severity vulnerabilities in its Secure Firewall Management Center (FMC) software.
HotHardware

BleedingTooth Linux Exploit Can Lead to Remote Code Execution Within Bluetooth Range

A new Bluetooth security vulnerability has appeared, and this time Linux is under the gun. Andy Nguyen, an information security researcher, discovered the vulnerabilities. They are collectively known ...
Polygon

Dark Souls PvP servers taken offline to fix dangerous exploit

FromSoftware and Bandai Namco are temporarily closing down player-versus-player multiplayer access to the Dark Souls games on Windows PC after a dangerous remote code execution (RCE) exploit became ...
CSOonline

Microsoft demonstrates remote code execution exploit against PLCs that support CODESYS

Researchers from Microsoft have demonstrated how programmable logic controllers (PLCs) that support the CODESYS runtime can be taken over by exploiting high-severity remote code execution (RCE) ...

Spyware-grade Coruna iOS exploit kit now used in crypto theft attacks

A previously undocumented set of 23 iOS exploits named "Coruna" has been deployed by multiple threat actors in targeted ...
ExtremeTech

LastPass exploit allows remote code execution and password theft

LastPass bills itself as a way to simplify your life by storing all your passwords and account details in one place. However, it's looking a little less convenient now, as the service deals with its ...
ZDNet

Code execution exploit dings iPhone

Apple's iPhone has failed the security smell test. Researchers at Security Evaluators have found what is believed to be the first remote code execution flaw affecting the device -- a bug that can be ...
Ars Technica

Windows code-execution zeroday is under active exploit, Microsoft warns

Attackers are actively exploiting a Windows zero-day vulnerability that can execute malicious code on fully updated systems, Microsoft warned on Monday. The font-parsing remote code-execution ...
Threat Post

Working Exploit Is Out for VMware vCenter CVE-2021-22005 Flaw

UPDATE: Indicators of compromise are now available. The unredacted RCE exploit released on Monday allows unauthenticated, remote attackers to upload files to the vCenter Server analytics service. A ...
TechSpot

Dark Souls PvP servers suspended due to remote code execution exploit

What just happened? Being able to invade another player's game is one of the Dark Souls series' defining characteristics, but it seems this feature can be used for some very nefarious purposes.
The Hacker News

Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1

Google uncovered Coruna iOS exploit kit with 23 exploits across five chains targeting iPhones running iOS 13–17.2.1.