SecurityWeek

‘PackageGate’ Flaws Open JavaScript Ecosystem to Supply Chain Attacks

Vulnerabilities in the NPM, PNPM, VLT, and Bun package managers could lead to protection bypasses and arbitrary code ...
Dark Reading

More Problems for Fortinet: Critical FortiSIEM Flaw Exploited

CVE-2025-64155, a command injection vulnerability, was disclosed earlier this week and quickly came under attack from a ...
Dark Reading

Exploited Zero-Day Flaw in Cisco UC Could Affect Millions

Mass scanning is underway for CVE-2026-20045, which Cisco tagged as critical because successful exploitation could lead to a ...
SecurityWeek

High-Severity Remote Code Execution Vulnerability Patched in OpenSSL

OpenSSL updates released on Tuesday patch a dozen vulnerabilities, including a high-severity remote code execution flaw.
The Hacker News

Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution

Researchers disclosed two n8n vulnerabilities that let authenticated users bypass JavaScript and Python sandboxes to run ...
TechRadar

This SmarterMail vulnerability allows Remote Code Execution - here's what we know

SmarterMail patched CVE-2025-52691, a maximum-severity RCE flaw allowing unauthenticated arbitrary file uploads Exploitation could let attackers deploy web shells or malware, steal data, and pivot ...
CSO Online

Contagious Interview turns VS Code into an attack vector

Threat actors behind the campaign are abusing Microsoft Visual Studio Code’s trusted workflows to execute and persist ...
TechRadar

This WebUI vulnerability allows remote code execution - here's how to stay safe

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Open WebUI carried CVE-2025-64496, a high-severity code injection flaw in Direct Connection ...