Topic: code execution
-
Critical RCE Flaw Found in Popular expr-eval JavaScript Library
A critical remote code execution vulnerability (CVE-2025-12735) has been found in the widely used expr-eval JavaScript library, affecting over 800,000 weekly downloads and posing severe risks to dependent applications. The flaw arises from improper validation in the Parser.evaluate() function, al...
-
Gemini 3 Flash's Agentic Vision: Sharper Image Responses
Agentic Vision transforms Gemini 3 Flash's image analysis by using a "Think, Act, Observe" loop, where the model actively manipulates images with Python code to uncover fine details and ensure grounded answers. This approach replaces probabilistic guessing with verifiable execution, improving acc...
-
Critical Server Vulnerability Sparks Urgent Admin Response
A critical, maximum-severity vulnerability in the widely used React Server package allows attackers to easily execute arbitrary code via a single HTTP request, with public exploit code now available. The flaw's danger is amplified because React is integrated by default into many popular framework...
-
Triofox Hack: Critical File-Sharing Flaw Exploited
A critical security vulnerability (CVE-2025-12480) in Gladinet's Triofox platform allows attackers to execute malicious code by exploiting improper access control and manipulating the antivirus feature, affecting versions prior to 16.7.10368.56560. The exploitation campaign, tracked as UNC6485, b...
-
Unity Uncovers Major 2017 Security Flaw in Dev Tool
Unity has identified a significant security flaw in its development platform since 2017, allowing attackers to execute unauthorized code and steal data across Android, Windows, Linux, and macOS systems. The company has released comprehensive fixes for all affected Unity Editor versions and a bina...
-
Cisco ASA Firewalls Under Active Attack from Zero-Day Exploits
Cisco has issued an urgent alert to patch two actively exploited zero-day vulnerabilities (CVE-2025-20333 and CVE-2025-20362) affecting its ASA and FTD software. The company, aided by international cybersecurity agencies, also addressed a third critical flaw (CVE-2025-20363) but has not linked it...
-
NHS England Warns of Active 7-Zip Exploit (CVE-2025-11001)
NHS England Digital has issued a critical security alert for an actively exploited vulnerability (CVE-2025-11001) in 7-Zip, urging immediate updates to prevent system compromise. The vulnerability, a path traversal flaw in ZIP archive processing, allows attackers to execute malicious code and was...
-
Trend Micro Apex Central RCE PoC Released (CVE-2025-69258)
Trend Micro has issued a critical security update for its Apex Central on-premise platform, addressing multiple vulnerabilities, including a severe one (CVE-2025-69258) that allows unauthenticated attackers to execute code with SYSTEM privileges. The vulnerabilities, discovered by Tenable, involv...
-
Multiple Threat Groups Exploit Active WinRAR Vulnerability
A critical path traversal vulnerability (CVE-2025-6218) in WinRAR for Windows is being actively exploited, allowing attackers to execute arbitrary code by tricking users into opening malicious files. Multiple sophisticated threat groups, including Bitter APT and Gamaredon, are weaponizing the fla...
-
Cisco Warns: Patch This Critical RCE & DoS Bug Now
A critical vulnerability (CVE-2025-20352) in Cisco's IOS and IOS XE Software allows remote attackers to execute arbitrary code or cause a denial-of-service if they have compromised credentials. The flaw exists in the SNMP subsystem and can be triggered by sending a crafted packet, with exploitati...
-
CISA Warns of Critical Git Flaw Under Active Exploitation
CISA has issued an urgent warning about a critical vulnerability in Git (CVE-2025-48384) that allows arbitrary code execution and requires federal agencies to patch by September 15th. The flaw arises from improper handling of carriage return characters in configuration files, which attackers can ...
-
Anthropic's Official Git MCP Server Exposes Prompt Injection Bugs
Critical vulnerabilities were discovered in Anthropic's official Git server for its Model Context Protocol (MCP), exploitable via prompt injection attacks to manipulate AI assistants into unauthorized actions. The flaws, present in default installations, allow attackers to execute code, delete fi...
-
Critical "Ni8mare" Bug Allows Hackers to Take Over n8n Servers
A critical, maximum-severity vulnerability (CVSS 10.0) in n8n allows unauthenticated remote attackers to take control of servers, posing a major risk due to the platform's widespread use and integration with sensitive enterprise systems. The flaw, named "Ni8mare," is a path traversal issue where ...
-
Healthcare Breach Hits 600k, ShinyHunters Strike, DeepSeek Bias Exposed
Healthcare and luxury brands face significant cybersecurity threats, with major breaches at Goshen Medical Center and Kering-owned fashion labels exposing sensitive data of hundreds of thousands. Critical software vulnerabilities, such as Chaotic Deputy in Chaos-Mesh, and AI-generated code biases...
-
Perplexity’s AI Tool Creates Spreadsheets & Dashboards Easily
Perplexity Labs, a new AI-powered tool in the $20/month Pro plan, automates data analysis and reporting by generating detailed reports, spreadsheets, and dashboards across multiple platforms. The tool is designed for complex tasks, taking 10+ minutes to execute advanced features like file generat...
-
Critical SonicWall SonicOS Flaw Lets Hackers Crash Firewalls
SonicWall has issued an urgent warning about a high-severity security flaw (CVE-2025-40601) in its SonicOS SSLVPN service, which could allow attackers to crash affected firewalls via a denial-of-service attack, impacting Gen7 and Gen8 hardware and virtual firewalls. The company states there is no...
-
How MCP Server Flaws Escalate to Supply Chain Attacks
A path traversal vulnerability in Smithery.ai's MCP server platform exposed administrative credentials, compromising over 3,000 AI servers and risking a major supply chain incident. The flaw allowed attackers to access sensitive files and an overprivileged token, enabling potential code execution...
-
Unlock Custom Tasks with Claude Skills: Here's How
Anthropic's Skills for Claude allow users to customize the AI's behavior for specific tasks, transforming it into a specialized tool for individual and business needs. The system includes both custom and pre-built Skills for tasks like generating documents, enabling Claude to autonomously handle ...
-
Claude's New Skills: A Game-Changer for AI
Anthropic's new Skills feature allows Claude AI subscribers to add specialized modules for handling specific business applications and workflows, addressing limitations in general language models. Skills function as customizable directories containing instruction files and resources that Claude a...
-
Urgent Unity Security Update Required for All Games
A critical security vulnerability in Unity requires developers using versions 2017.1 or later for Windows, Android, or macOS to update immediately to prevent potential risks like malicious code execution. Unity's partners, including Valve and Microsoft, have implemented security measures, and the...
-
Pentiment, Other Games Pulled From Steam Amid Unity Security Flaw
A security flaw in Unity game engine versions from 2017.1 onward has led to the temporary removal of several popular games from Steam, affecting multiple platforms but with no current evidence of exploitation. The vulnerability, reported responsibly by a researcher, could allow unsafe file loadin...