Hackaday

Arbitrary Code Execution Over Radio

Computers connected to networks are constantly threatened by attackers who seek to exploit vulnerabilities wherever they can find them. This risk is particularly high for machines connected to the ...
SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...
Threat Post

Critical Magento Flaws Allow Code Execution

Adobe has released patches for critical and important-severity flaws in its popular Magento e-commerce platform. Critical flaws in Adobe’s Magento e-commerce platform – which is commonly targeted by ...
The Hacker News

Fortinet Fixes Critical FortiSIEM Flaw Allowing Unauthenticated Remote Code Execution

Fortinet patches a critical FortiSIEM vulnerability (CVE-2025-64155) that allows unauthenticated remote code execution via ...
The Hacker News

CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution

A flaw in the binary-parser npm package before version 2.3.0 lets attackers execute arbitrary JavaScript via unsanitized parser input.

Go Programming Language 1.26 Patches Several Security Flaws

The patched issues span core standard library components including archive/zip and net/http, as well as security-sensitive ...
ZDNet

Adobe tackles critical code execution vulnerabilities in Acrobat, Reader

On Tuesday, the company issued its standard monthly round of fixes, the majority of which relate to the popular PDF viewing and editing software. In total, 26 vulnerabilities have been resolved, 11 of ...
Bleeping Computer

Actively exploited Apache 0-day also allows remote code execution

Proof-of-Concept (PoC) exploits for the Apache web server zero-day surfaced on the internet revealing that the vulnerability is far more critical than originally disclosed. These exploits show that ...