Claude Code flaws allow remote code execution and API key theft via untrusted repositories; three bugs fixed across 2025–2026 releases.

The attacks, which unfolded over several days starting in late February, involved the bot opening crafted pull requests that ...

Ox Security warns that Mail2Shell could enable threat actors to hijack FreeScout systems without user interaction ...

Popular WordPress security plugin WP Ghost is vulnerable to a critical severity flaw that could allow unauthenticated attackers to remotely execute code and hijack servers. WP Ghost is a popular ...

A newly disclosed flaw in Anthropic’s Claude Desktop Extensions shows how a routine productivity feature can enable zero-click system compromise. LayerX researchers found that a single malicious ...

Networking hardware maker DrayTek released an advisory to warn about a security vulnerability in several Vigor router models that could allow remote, unauthenticated actors to execute perform ...

Security issues continue to pervade the OpenClaw ecosystem, formerly known as ClawdBot then Moltbot, as multiple projects patch bot takeover and remote code execution (RCE) exploits.… The initial hype ...

A research team at data security platform Cyera has discovered a critical vulnerability in n8n, a no-code workflow automation tool, called ' Ni8mare ( CVE-2026-21858), ' which allows remote code ...