The Hacker News

F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution

F5 fixes CVE-2026-42530 and CVE-2026-42055 in NGINX Open Source, addressing HTTP/3 and HTTP/2 flaws that could allow remote ...

Malicious Hugging Face Models Could Trigger Remote Code Execution

A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI supply chain risks.
Bleeping Computer

CISA: BeyondTrust RCE flaw now exploited in ransomware attacks

Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns. The security issue ...
CSOonline

Flowise’s MCP implementation can run ghost commands

A 9.9-severity vulnerability in Flowise’s MCP stdio implementation can allow attackers to achieve remote code execution in self-hosted deployments. Enterprises using the lightweight, open-source ...
Redmond Magazine

Microsoft Disrupts StegoAd Extension Campaign Affecting Up to 2.6 Million Users

Microsoft disrupted StegoAd, a malicious browser extension campaign affecting up to 2.6 million users. StegoAd used hidden payloads, delayed execution and steganography to evade browser security ...