The Hacker News

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

Claude Code flaws allow remote code execution and API key theft via untrusted repositories; three bugs fixed across 2025–2026 releases.
CoinDesk

AI tool catches critical XRP Ledger bug that could have drained wallets

The vulnerability in the Batch amendment's signature validation was found during the voting phase and never reached mainnet, but the exploit path was severe enough that validators were immediately ...
The Hacker News

Wormable XMRig Campaign Uses BYOVD Exploit and Time-Based Logic Bomb

Researchers uncover wormable XMRig campaign using BYOVD exploit and LLM-built React2Shell attacks hitting 90+ hosts.
Dark Reading

Attackers Use New Tool to Scan for React2Shell Exposure

Researchers say threat actors used the sophisticated — and unfortunately named — toolkit to target high-value networks for React2Shell exploitation.
SecurityWeek

API Threats Grow in Scale as AI Expands the Blast Radius

Most API vulnerabilities are fast, remote, and easy to exploit. Attackers take full advantage of these attributes.
ZDNet

These 4 critical AI vulnerabilities are being exploited faster than defenders can respond

As AI adoption speeds ahead, major security flaws remain unsolved. Users and businesses should stay up to date on vulnerabilities. These four major issues still plague AI integration. AI systems are ...
Dark Reading

Microsoft Patches 6 Actively Exploited Zero-Days

Attackers are already actively exploiting six of the 59 vulnerabilities Microsoft disclosed in its latest security update, meaning security teams will need to treat February's Patch Tuesday more as an ...
CSOonline

Attackers exploit decade‑old Windows driver flaw to shut down modern EDR defenses

Attackers abused a signed but long-revoked EnCase Windows kernel driver in a BYOVD attack to terminate all security tools. In a recent incident, attackers abused a legitimate but vulnerable Windows ...
Ars Technica

Microsoft releases urgent Office patch. Russian-state hackers pounce.

Russian-state hackers wasted no time exploiting a critical Microsoft Office vulnerability that allowed them to compromise the devices inside diplomatic, maritime, and transport organizations in more ...
CSOonline

Russian hackers exploited a critical Office bug within days of disclosure

Within days of Microsoft patching a critical Office zero-day, the Russia-linked group “APT28” was already exploiting the flaw in a live campaign tracked as Operation Neusploit. Russia-linked attackers ...
GitHub

test-add-more-org/lockfileless-log4shell-vulnerable-app

This repository contains a Spring Boot web application vulnerable to CVE-2021-44228, nicknamed Log4Shell. It uses Log4j 2.14.1 (through spring-boot-starter-log4j2 2.6.1) and the JDK 1.8.0_181. [+] ...
Bleeping Computer

Hackers exploit critical React Native Metro bug to breach dev systems

Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native to deliver malicious payloads for Windows and Linux. On Windows, an ...