The Hacker News

Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability

Active exploitation of BeyondTrust enables unauthenticated RCE as CISA adds Apple, Microsoft, SolarWinds, and Notepad++ flaws to KEV list.

Exploit available for new Chrome zero-day vulnerability, says Google

Threat actors now have the ability to exploit a new zero-day vulnerability in the Chrome browser, Google has advised IT ...
ITWire

Tenable Research Uncovers Remote Code Execution Vulnerability in Oracle Code Editor and its Integrated Services

GUEST RESEARCH: Tenable, the exposure management company, has identified a Remote Code Execution (RCE) vulnerability in Oracle Cloud Infrastructure (OCI) Code Editor, a service designed for developers ...
SiliconIndia

Tenable Research Uncovers Remote Code Execution Vulnerability in Oracle Code Editor and its Integrated Services

The RCE vulnerability enables threat actors to silently hijack a victim's Cloud Shell environment, with just one click by the victim and potentially move across other OCI services. Once compromised, ...
The Hacker News

BeyondTrust Fixes Critical Pre-Auth RCE Vulnerability in Remote Support and PRA

BeyondTrust fixes CVSS 9.9 pre-auth RCE flaw (CVE-2026-1731) in Remote Support and PRA; 11,000 instances exposed.
heise online

MCPoison: Vulnerability in Cursor IDE – Execute arbitrary code via MCP

Due to a lack of security checks, attackers can change MCP configurations in the Cursor IDE to execute arbitrary code. In the case of the vulnerability named MCPoison by the security analysts, which ...

Microsoft fixes dozens of security flaws in Windows, Office, and Azure

This month's big batch of security updates addresses nearly 60 vulnerabilities across Microsoft's various products and ...