SecurityWeek

VMware Aria Operations Vulnerability Could Allow Remote Code Execution

Broadcom has released patches for several vulnerabilities affecting VMware Aria Operations, including high-severity flaws.
Windows Latest

Microsoft confirms 8.8-rated security issue in Windows 11 Notepad due to modernization efforts, Patch Tuesday fix rolling out

Microsoft confirms CVE-2026-20841, a Remote Code Execution flaw in Windows 11 Notepad via Markdown links. Patch now rolling ...
The Hacker News

Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution

Critical CVE-2026-2329 flaw in Grandstream GXP1600 VoIP phones enables unauthenticated RCE, call interception, and credential ...
SecurityWeek

BeyondTrust Vulnerability Targeted by Hackers Within 24 Hours of PoC Release

Threat actors began targeting a recently patched BeyondTrust vulnerability shortly after a proof-of-concept (PoC) exploit was released.

Windows 11 Notepad flaw let files execute silently via Markdown links

Microsoft has fixed a "remote code execution" vulnerability in Windows 11 Notepad that allowed attackers to execute local or ...

Critical BeyondTrust RCE flaw now exploited in attacks, patch now

A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access ...
ExtremeTech

LastPass exploit allows remote code execution and password theft

LastPass bills itself as a way to simplify your life by storing all your passwords and account details in one place. However, it's looking a little less convenient now, as the service deals with its ...
WinBuzzer

10,000+ Claude Desktop Users Exposed by Zero-Click Flaw

A zero-click vulnerability in Claude Desktop Extensions has exposed over 10,000 users to remote code execution through ...
GIGAZINE

Exploit ``BLASTPASS'', which allows arbitrary code to be executed simply by receiving a malicious file on the iPhone, has been discovered, and Apple has distributed a software ...

The Citizen Lab, a security laboratory at the University of Toronto, has revealed the existence of a zero-click, zero-day iPhone exploit chain called BLASTPASS. It is also said to have been used to ...