The Hacker News

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

Claude Code flaws allow remote code execution and API key theft via untrusted repositories; three bugs fixed across 2025–2026 releases.
CSOonline

Microsoft demonstrates remote code execution exploit against PLCs that support CODESYS

Researchers from Microsoft have demonstrated how programmable logic controllers (PLCs) that support the CODESYS runtime can be taken over by exploiting high-severity remote code execution (RCE) ...
SecurityWeek

CISA Adds iOS Flaws From Coruna Exploit Kit to KEV List

CISA has expanded the Known Exploited Vulnerabilities catalog with three bugs targeted by the nation-state-grade Coruna iOS exploit kit.
The Hacker News

Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting iOS 13–17.2.1

Google uncovered Coruna iOS exploit kit with 23 exploits across five chains targeting iPhones running iOS 13–17.2.1.
Infosecurity-magazine.com

Exploit Code Released For Critical Fortra GoAnywhere Bug

Threat actors could soon strike after a proof-of-concept exploit was published for a critical vulnerability in managed file transfer (MFT) software Fortra GoAnywhere MFT yesterday. Horizon3 published ...
CSO Online

Coruna iOS exploit kit moved from spy tool to mass criminal campaign in under a year

Google and iVerify researchers say the case points to a thriving secondary market for high-end zero-day exploits.
Dark Reading

Attackers Exploit Citrix Zero-Day Bug to Pwn NetScaler ADC, Gateway

Cyberattackers are actively exploiting a critical remote code execution (RCE) bug in several versions of Citrix's NetScaler ADC and NetScaler Gateway application delivery and remote access ...
TechCrunch

Researchers say easy-to-exploit security bugs in ConnectWise remote-access software now under mass attack

Security researchers say a pair of easy-to-exploit flaws in a popular remote-access tool used by more than a million companies around the world are now being mass exploited, with hackers abusing the ...