Bleeping Computer

PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers

The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port. The D-Link ...

Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator

Fortinet has released security patches for two critical vulnerabilities in FortiSandbox and FortiAuthenticator that could ...
CPO Magazine

Security Flaw in Claude AI Chrome Extension Enables Attackers to Execute Privileged Commands and Steal Data

A security flaw in “Claude in Chrome” enables any Chrome extension, including those without permissions, to execute ...
CSOonline

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configs open servers to possible remote code execution, as evidenced by several commercial services and open-source projects. AI agent building tools enable users to configure ...
SiliconANGLE

Ontinue warns attackers are abusing Nezha monitoring tool as stealthy remote access trojan

A new report out today from Swiss artificial intelligence-powered managed extended detection and response company Ontinue AG warns of the growing abuse of Nezha, a legitimate open-source server ...
SDxCentral

Splunk suite at threat from remote code execution

Splunk systems are at risk from a remote command execution (RCE) vulnerability. Tracked as CVE-2026-20163, the flaw allows bad actors to carry out arbitrary shell commands directly on the host ...
CSOonline

Cisco patches max-severity flaw allowing arbitrary command execution

Cisco (Nasdaq:CSCO) is urging customers to patch for a maximum-severity flaw affecting its IOS XE Software for Wireless controllers. The flaw, tracked as CVE-2025-20188, received a severity rating of ...