Code execution possible: critical vulnerability in Windows Server exploited

The large May patch package had fixed the vulnerability in Windows Netlogon, now attackers are exploiting it. Admins should ...
Bleeping Computer

Critical Windows Netlogon RCE flaw now exploited in attacks

The Centre for Cybersecurity Belgium (CCB), the country's national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon ...
Bleeping Computer

New Gogs zero-day flaw lets hackers get remote code execution

An unpatched zero-day vulnerability in the Gogs self-hosted Git service can allow attackers to gain remote code execution (RCE) on Internet-facing instances. Designed as an alternative to GitHub ...
SecurityWeek

Exploit Code Published for Critical Flowise RCE Vulnerability

Proof-of-concept (PoC) code has been published for a one-click RCE vulnerability in open source LLM building platform Flowise.
The Hacker News

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an ...
SecurityWeek

Gogs Zero-Day Exposes Servers to Remote Code Execution

Open source Git service Gogs is affected by a critical-severity zero-day vulnerability that exposes servers to remote code execution.
Morning Overview on MSN

Ivanti patches a high-severity zero-day in Endpoint Manager that gave attackers remote code execution in targeted attacks

Ivanti has released emergency patches for its Endpoint Manager Mobile platform after confirming that attackers exploited a previously unknown vulnerability to execute code remotely on targeted servers ...

GitHub says internal repos exfiltrated after poisoned VS Code extension attack

GitHub, the world's biggest code repository and DevOps platform, fell victim to a malicious Visual Studio Code (VS Code) ...
Morning Overview on MSN

LiteLLM just fell to a full-chain Pwn2Own exploit combining SSRF and code injection — researchers took full system control

A team of security researchers chained two vulnerabilities in LiteLLM, the popular open-source proxy that routes enterprise traffic to large language model providers, and walked away with arbitrary ...
HotHardware

Microsoft Windows Server Update Service Is Under Attack, What You Need To Know

Windows Server 2025 is currently open to a Remote Code Execution exploit via the Windows Update Service, and at the time of this writing a fix from Microsoft has yet to fully patch the issue. Reports ...
TechSpot

Call of Duty: WWII pulled from PC Game Pass after remote hacking exploit discovered

What just happened? Just days after its arrival on PC Game Pass, Call of Duty: WWII has been pulled offline. The abrupt removal follows a surge of reports from the gaming community about a critical ...
CSOonline

Putting AI-assisted ‘vibe hacking’ to the test

Valuable tools for experienced attackers and researchers, LLMs are not yet capable of creating exploits at a prompt, researchers found in a test of 50 AI models — some of which are getting better ...