CVE-2026-3854 (CVSS 8.7) enabled GitHub RCE via git push, risking cross-tenant access to millions of repositories.
Two major remote code execution vulnerabilities have been disclosed and patched in GitHub and the Cursor IDE. GitHub’s CVE-2026-3854 allowed authenticated users to execute arbitrary commands via a ...
Incomplete patch for a Windows SmartScreen and Windows Shell security prompts bypass created a new bug enabling zero-click ...
The Xbox PC release was probably supposed to be a quiet drop, but what players got instead were pop-ups, downloads, and a lawyer’s face on their desktop. Activision has removed Call of Duty: WWII from ...
A new Mirai-based malware campaign is actively exploiting CVE-2025-29635, a high-severity command-injection vulnerability ...
A researcher discovered five different exploit paths that stem from an architectural weakness in Windows' Remote Procedure ...
ShowDoc CVE-2025-0520 exploited due to unpatched versions before 2.8.7, enabling remote code execution on 2,000+ instances.
Hackers launched attacks just one day after the flaw’s full technical write-up was made public. Many servers stayed vulnerable for weeks despite a fix being released long before the disclosure. Null ...
Cybersecurity firm F5 Networks has reclassified a BIG-IP APM denial-of-service (DoS) vulnerability as a critical-severity remote code execution (RCE) flaw, warning that attackers are exploiting it to ...
The prompt-injection issue in the agentic AI product for filesystem operations was a sanitization issue that allowed for ...
A max-severity RCE vulnerability in Erlang’s OTP SSH daemon, CVE-2025-32433, was actively exploited in OT networks across six countries, targeting firewalls in critical infrastructure sectors. A ...
An iOS warning has been issued by researchers after they discovered “a new and powerful” exploit kit targeting Apple iPhone models running iOS version 13 to 17.2.1.