Morning Overview on MSN

A critical Apache HTTP/2 flaw gives attackers a working proof-of-concept for remote code execution on millions of servers

A vulnerability in Apache HTTP Server’s HTTP/2 protocol handling now has working exploit code circulating among security ...
The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary ...

Critical vulnerability in Ruby's standard library ERB:attackers can execute code

The Ruby vulnerability is not easy to exploit, but allows an attacker to read sensitive data, start code, and install backdoors.
SecurityWeek

Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack

Attackers could inject prompts into a GitHub issue and take over the AI agent designed to automatically triage the issue.

GitHub patches critical 'git push' remote code execution bug

Microsoft-owned open source code hosting platform GitHub has acknowledged and patched a critical vulnerability that allowed ...
SecurityWeek

Critical Remote Code Execution Vulnerability Patched in Android

Google announced on Monday the release of an Android update patching a critical vulnerability that can be exploited for ...