The Hacker News

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

Claude Code flaws allow remote code execution and API key theft via untrusted repositories; three bugs fixed across 2025–2026 ...
TechRadar

Critical remote code execution flaw in Apache OFBiz patched

Apache released a patch for a critical severity vulnerability in its OFBiz software. The bug is an arbitrary code execution flaw, allowing threat actors to run any code on either Windows, or Linux ...
Dark Reading

2 Zero-Day Bugs in Microsoft's Nov. Update Under Active Exploit

Attackers are already actively exploiting two vulnerabilities for which Microsoft issued patches on Nov. 12 as part of its monthly security update. And they could soon begin targeting two other ...
Bleeping Computer

Critical Ivanti RCE flaw with public exploit now used in attacks

CISA warned today that a critical Ivanti vulnerability that can let threat actors gain remote code execution on vulnerable Endpoint Manager (EPM) appliances is now actively exploited in attacks.
Dark Reading

Microsoft Outlook Zero-Click Security Flaws Triggered by Sound File

Researchers this week disclosed details on two security vulnerabilities in Microsoft Outlook that, when chained together, give attackers a way to execute arbitrary code on affected systems without any ...