They're serious. Notices about arbitrary code execution (ACE) vulnerabilities appear just about every week in alerts from US-CERT — the United States Computer Emergency Readiness Team, a part of the ...

Google released an emergency Chrome update on Friday to patch a zero-day vulnerability that has been exploited in the wild.

A zero-click flaw in Anthropic’s Claude Desktop Extensions allows attackers to trigger remote code execution via Google ...

Docker has released security fixes for a critical vulnerability affecting its AI-assisted feature known as Ask Gordon. The ...

CISA warns of a new SmarterTools SmarterMail vulnerability exploited by ransomware groups for unauthenticated RCE.

A new vulnerability has been discovered in the R programming language that allows arbitrary code execution upon deserializing specially crafted RDS and RDX files. R is an open-source programming ...

Background In March 2025, cybersecurity researchers disclosed a highly sophisticated targeted attack campaign named “Operation ForumTroll.” Orchestrated by an unidentified state-sponsored APT group, ...

CVE-2026-1357 exposes a critical WordPress WPvivid plugin flaw, allowing unauthenticated RCE, enabling attackers to upload PHP files and fully compromise sites. The post CVE-2026-1357: WordPress ...

PandasAI, an open source project by SinaptikAI, has been found vulnerable to Prompt Injection attacks. An attacker with access to the chat prompt can craft malicious input that is interpreted as code, ...

BeyondTrust warned customers to patch a critical security flaw in its Remote Support (RS) and Privileged Remote Access (PRA) software that could allow unauthenticated attackers to execute arbitrary ...