10K Claude Desktop Users Exposed by Zero-Click Vulnerability

A zero-click flaw in Anthropic’s Claude Desktop Extensions allows attackers to trigger remote code execution via Google ...

Check for Windows 11 updates. Microsoft just patched a major Notepad vulnerability

Careful out there.
The Hacker News

Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability

Active exploitation of BeyondTrust enables unauthenticated RCE as CISA adds Apple, Microsoft, SolarWinds, and Notepad++ flaws to KEV list.
The Hacker News

Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution

Fortinet fixes critical FortiClientEMS SQL injection flaw (CVSS 9.1) enabling code execution; separate SSO bug actively ...

Microsoft plugs remote code vulnerability in Notepad app on Windows 11

Microsoft fixes a critical Notepad vulnerability in Windows 11 that could allow remote code execution via malicious Markdown files. Here are the details ...

Microsoft detects and fixes a dangerous vulnerability in the most unexpected place in Windows: Notepad

The dangerous CVE-2026-20841 vulnerability in Windows 11 Notepad proves once again that basic applications do not need ...
Business Wire

Code Security Startup Pixee Emerges From Stealth to Automate Code Hardening and Vulnerability Remediation for Developer Teams

Company’s first product, virtual code-hardening engineer pixeebot, is already in use at companies like DeltaStream, AGI Technology Partners and Nimi SAN FRANCISCO--(BUSINESS WIRE)--Pixee, creator of ...

ZAST.AI Raises $6M Pre-A to Scale "Zero False Positive" AI-Powered Code Security

ZAST.AI announced the completion of a $6 million Pre-A funding round led by Hillhouse Capital, bringing the company's total funding to nearly $10 million. This investment marks a significant ...
Ars Technica

Admins and defenders gird themselves against maximum-severity server vuln

Security defenders are girding themselves in response to the disclosure of a maximum-severity vulnerability disclosed Wednesday in React Server, an open-source package that’s widely used by websites ...
Hosted on MSN

This WebUI vulnerability allows remote code execution - here's how to stay safe

Open WebUI carried CVE-2025-64496, a high-severity code injection flaw in Direct Connection features Exploitation could enable account takeover and RCE via malicious model URLs and Functions API ...