The Hacker News

Google Patches Antigravity IDE Flaw Enabling Prompt Injection Code Execution

Antigravity Strict Mode bypass disclosed Jan 7, 2026, patched Feb 28, enables arbitrary code execution via fd -X flag.

Critical flaw in Protobuf library enables JavaScript code execution

Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used ...
CSOonline

Microsoft demonstrates remote code execution exploit against PLCs that support CODESYS

Researchers from Microsoft have demonstrated how programmable logic controllers (PLCs) that support the CODESYS runtime can be taken over by exploiting high-severity remote code execution (RCE) ...
Bleeping Computer

Exploit code released for critical Ivanti RCE flaw, patch now

A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly released, making it crucial to update devices. The ...
Dark Reading

Adobe Patches Actively Exploited Zero-Day That Lingered for Months

An attacker has been using maliciously crafted PDF files to exploit a zero-day in Adobe Acrobat and Reader for at least four ...
Ars Technica

0-day remote execution exploit in the wild for Firefox

As yet it appears the vulnerability is unpatched or only patched in nightlies, so go that bit more careful if you're using Firefox. Its likely a Chinese payload, no word on what the exploit is ...
SecurityWeek

Hackers Fail to Exploit Flaw in Discontinued TP-Link Routers

Hackers have been unsuccessfully targeting CVE-2023-33538, a vulnerability in discontinued TP-Link routers, for a year.
Infosecurity-magazine.com

Exploit Code Released For Critical Fortra GoAnywhere Bug

Threat actors could soon strike after a proof-of-concept exploit was published for a critical vulnerability in managed file transfer (MFT) software Fortra GoAnywhere MFT yesterday. Horizon3 published ...
Computerworld

Windows exploit code coming

As Microsoft recommends that users focus first on installing the MS09-065 patch released Tuesday, experts are agreeing with that advice because exploit code for remote execution appears to be right ...
InfoWorld

Zero-day PDF exploit affects Adobe Reader 11 and earlier versions, researchers say

Adobe is investigating the report, but has yet to confirm that the exploit bypasses the sandbox protection in Adobe Reader 10 and 11 Researchers from security firm FireEye claim that attackers are ...
ExtremeTech

LastPass exploit allows remote code execution and password theft

LastPass bills itself as a way to simplify your life by storing all your passwords and account details in one place. However, it's looking a little less convenient now, as the service deals with its ...
Computerworld

First exploit appears for Patch Tuesday vulnerability

A security researcher has published the first exploit against one of the 14 vulnerabilities patched last week by Microsoft Corp., security company Symantec Corp. has warned customers. In a posting to ...