Fox News

Ukraine makes fastest gains in years as Russia talks stall, exploiting cracks in Kremlin ...

As U.S.-backed negotiations between Russia and Ukraine in Geneva ended without a breakthrough, Kyiv made gains on the battlefield, recapturing territory at its fastest pace in years through localized ...
Infosecurity-magazine.com

Malicious Commands in GitHub Codespaces Enable RCE

A set of attack vectors in GitHub Codespaces have been uncovered that enable remote code execution (RCE) by opening a malicious repository or pull request. The findings by Orca Security, show how ...
The Hacker News

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. Despite more than a month after ...
GitHub

FortiWeb Remote Code Execution (RCE) Exploit via CVE-2025-64446 + CVE-2025-58034 Chain

An authenticated attacker (using the account created in step 1) can execute arbitrary OS commands as root via crafted HTTP requests. By combining these two vulnerabilities, an attacker can go from ...
Dark Reading

More Problems for Fortinet: Critical FortiSIEM Flaw Exploited

The year has barely begun, but 2026 is already in familiar territory for Fortinet customers, as a new vulnerability has come under attack. On Jan. 13, Fortinet disclosed a critical flaw in its ...
Bleeping Computer

Exploit code public for critical FortiSIEM command injection flaw

Technical details and a public exploit have been published for a critical vulnerability affecting Fortinet's Security Information and Event Management (SIEM) solution that could be leveraged by a ...
The Hacker News

Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers

A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild. The vulnerability, tracked as CVE-2026-0625 (CVSS score: 9.3), concerns a ...
thecyberexpress

Sanctioned Spyware Vendor Used iOS Zero-Day Exploit Chain Against Egyptian Targets

Google Threat Intelligence Group discovered a full iOS zero-day exploit chain deployed in the wild against targets in Egypt, revealing how sanctioned commercial surveillance vendor Intellexa continues ...
SecurityWeek

Pwn2Own WhatsApp Hacker Says Exploit Privately Disclosed to Meta

A total of $1,024,750 has been paid out at the Pwn2Own Ireland 2025 hacking contest organized by Trend Micro’s Zero Day Initiative (ZDI), but the event has been overshadowed by the last-minute ...
CSOonline

Apple bumps RCE bug bounties to $2M to counter commercial spyware vendors

In light of new memory safety features added to Apple’s latest iPhone chips that make entire classes of exploits harder to pull off, the company has revamped its bug bounty program to double or ...
bitnewsbot

Critical Figma MCP Vulnerability Allows Remote Code Execution Exploit

A command injection vulnerability was found in the figma-developer-mcp Model Context Protocol (MCP) server. The flaw could allow attackers to run arbitrary system commands and achieve remote code ...