The Hacker News

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

Claude Code flaws allow remote code execution and API key theft via untrusted repositories; three bugs fixed across 2025–2026 releases.

Mail2Shell zero-click attack lets hackers hijack FreeScout mail servers

A maximum severity vulnerability in the FreeScout helpdesk platform allows hackers to achieve remote code execution without any user interaction or authentication.
SecurityWeek

VMware Aria Operations Vulnerability Could Allow Remote Code Execution

Broadcom has released patches for several vulnerabilities affecting VMware Aria Operations, including high-severity flaws.
CSO Online

Flaws in four popular VS Code extensions left 128 million installs open to attack

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.

Super Nested Claude Code Offers Next Level Vibe Coding

Nested Claude Code runs parallel tasks through Tmux; auto-picks terminal count and routes input, with real-time activity logs ...
Nature

Secure Software Execution and Code Reuse Attacks

Secure software execution has become a critical concern as modern computing systems, ranging from embedded devices to enterprise platforms, face increasingly sophisticated adversaries. Recent studies ...

How Does Smart Contract Vulnerability Scanning Use AI-Driven Static And Dynamic Code Analysis?

How does AI improve Smart Contract Vulnerability Scanning? We analyze the difference between Static and Dynamic code analysis ...
Security Boulevard

Update Chrome now: Zero-day bug allows code execution via malicious webpages

Google has released an emergency update to patch an actively exploited zero-day—the first Chrome zero-day of the year.