The Hacker News

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

Two critical n8n flaws (CVSS 9.4, 9.5) enable RCE via expression sandbox escape and public forms, risking credential exposure ...
TweakTown

WinRAR 'high-risk' exploit discovered, make sure you update to the latest release

TL;DR: WinRAR has a critical security vulnerability (CVE-2025-6218) allowing remote code execution via directory traversal in Windows versions. This exploit risks sensitive data and system integrity.

Hackers Used New Exploit Kit to Compromise Thousands of iPhones

Thousands of iPhones were compromised using the Coruna exploit kit, which chained 23 iOS vulnerabilities into advanced attacks used for espionage and cybercrime.
Bleeping Computer

Critical Progress WhatsUp RCE flaw now under active exploitation

Threat actors are actively attempting to exploit a recently fixed Progress WhatsUp Gold remote code execution vulnerability on exposed servers for initial access to corporate networks. The ...
CSO Online

Coruna iOS exploit kit moved from spy tool to mass criminal campaign in under a year

Google and iVerify researchers say the case points to a thriving secondary market for high-end zero-day exploits.
CSOonline

Microsoft demonstrates remote code execution exploit against PLCs that support CODESYS

Researchers from Microsoft have demonstrated how programmable logic controllers (PLCs) that support the CODESYS runtime can be taken over by exploiting high-severity remote code execution (RCE) ...
Infosecurity-magazine.com

Exploit Code Released For Critical Fortra GoAnywhere Bug

Threat actors could soon strike after a proof-of-concept exploit was published for a critical vulnerability in managed file transfer (MFT) software Fortra GoAnywhere MFT yesterday. Horizon3 published ...
The Hacker News

Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1

Google uncovered Coruna iOS exploit kit with 23 exploits across five chains targeting iPhones running iOS 13–17.2.1.