The Hacker News

OpenClaw Bug Enables One-Click Remote Code Execution via Malicious Link

A high-severity OpenClaw flaw allows one-click remote code execution via token theft and WebSocket hijacking; patched in ...
Hosted on MSN

Alleged 7-Zip arbitrary code execution exploit leaked to Twitter — the 7-Zip author claims this exploit not only isn't real but was generated by AI

Yesterday, user @NSA_Employee39 allegedly posted a zero-day exploit for the popular open-source file decompression utility 7-Zip on Twitter, only to have 7-Zip author Igor Pavlov swiftly dismiss it as ...
The Register on MSN

OpenClaw patches one-click RCE as security Whac-A-Mole continues

Researchers disclose rapid exploit chain that let attackers run code via a single malicious web page Security issues continue ...
SecurityWeek

Anthropic MCP Server Flaws Lead to Code Execution, Data Exposure

Vulnerabilities in Anthropic MCP server could be exploited via prompt injections to execute arbitrary code and read/delete arbitrary files.

Cisco fixes Unified Communications RCE zero day exploited in attacks

Cisco has fixed a critical Unified Communications and Webex Calling remote code execution vulnerability, tracked as CVE-2026-20045, that has been actively exploited as a zero-day in attacks.
Security Boulevard

CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Command Injection Vulnerability

Exploit code has been published for CVE-2025-64155, a critical command injection vulnerability affecting Fortinet FortiSIEM devices.Key takeaways:CVE-2025-64155 is a critical operating system (OS) ...
CSOonline

Microsoft demonstrates remote code execution exploit against PLCs that support CODESYS

Researchers from Microsoft have demonstrated how programmable logic controllers (PLCs) that support the CODESYS runtime can be taken over by exploiting high-severity remote code execution (RCE) ...