The Hacker News

LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution

Three patched LangGraph flaws could let attackers chain SQL injection and unsafe deserialization for RCE in self-hosted ...
SecurityWeek

Hackers Exploit Langflow Vulnerability for Remote Code Execution

Hackers are exploiting CVE-2026-5027, a high-severity path traversal issue in Langflow, for remote code execution.

Gogs patches critical zero-day enabling remote code execution

Gogs has patched a critical security zero-day flaw that can allow attackers to compromise Internet-facing instances and ...

Malicious Hugging Face Models Could Trigger Remote Code Execution

A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI ...

Microsoft patches a record 206 flaws—and one is already being exploited

Microsoft's June Patch Tuesday fixed a record 206 vulnerabilities, including an actively exploited Windows Defender flaw.
CSO Online

Oracle PeopleSoft zero‑day fuels ShinyHunters extortion spree

Attackers leveraged a critical unauthenticated RCE bug to breach higher‑ed institutions, deploy stealth remote access tools, ...

Ivanti: Max severity Sentry flaw allows code execution as root

Ivanti has patched two critical vulnerabilities in its Sentry secure mobile gateway solution, including a maximum-severity ...
MSN on MSN

Hackers are exploiting a maximum-severity bug in a WordPress form plugin on thousands of sites, running their own code with no login required

Thousands of WordPress sites running the Kali Forms plugin are exposed to attackers who can execute arbitrary code on web ...
Tom's Hardware on MSN

AMD denies researcher a $10,000 bug bounty after fixing critical auto-updater vulnerability

Quis renovatores renovat — who updates the updater?
TechBooky

Gogs Fixes Critical Zero-Day Bug That Enabled Remote Code Execution

A serious security zero-day vulnerability that may give hackers privilege and access to any repository (including private ...