arbitrary code execution

Google released a Chrome security update fixing two high-severity flaws that could enable code execution or crashes via malicious websites.
The Hacker News

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

Claude Code flaws allow remote code execution and API key theft via untrusted repositories; three bugs fixed across 2025–2026 releases.
InfoWorld

Flaws in four popular VS Code extensions left 128 million installs open to attack

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.
TechRepublic

10K Claude Desktop Users Exposed by Zero-Click Vulnerability

A newly disclosed flaw in Anthropic’s Claude Desktop Extensions shows how a routine productivity feature can enable zero-click system compromise. LayerX researchers found that a single malicious ...
SecurityWeek

Claude Code Flaws Exposed Developer Devices to Silent Hacking

Vulnerabilities in Anthropic’s Claude Code tool could have allowed attackers to silently gain control of a developer’s computer.
Infosecurity-magazine.com

Malicious Commands in GitHub Codespaces Enable RCE

A set of attack vectors in GitHub Codespaces have been uncovered that enable remote code execution (RCE) by opening a malicious repository or pull request. The findings by Orca Security, show how ...
Geeky Gadgets

Gemini 3 Agentic Vision Proves Image Analysis Needs Reasoning Not Guesswork

What if you could transform complex images into actionable insights with just a few clicks? That’s exactly what Google Gemini 3’s Agentic Vision promises to deliver, an innovative way to analyze, ...
heise online

OpenSSL: 12 security gaps, one allows malicious code execution and is critical

12 security vulnerabilities have been discovered in OpenSSL – using AI tools. One of them is considered critical. Updated software is available. The remaining ten vulnerabilities were classified as ...
TechRadar

Claude desktop extension can be hijacked to send out malware by a simple Google Calendar event

LayerX warns Claude Desktop Extensions enable zero-click prompt injection attacks Extensions run unsandboxed with full system privileges, risking remote code execution Flaw rated CVSS 10/10, appears ...
ExtremeTech

Microsoft Fixes Windows 11 Bug That Let Attackers Run Remote Code in Notepad

Share on Facebook (opens in a new window) Share on X (opens in a new window) Share on Reddit (opens in a new window) Share on Hacker News (opens in a new window) Share on Flipboard (opens in a new ...
TechRadar

Microsoft patches concerning Windows 11 Notepad security flaw - Markdown issues could have let hackers slip in malware without warning

Microsoft patches Windows 11 Notepad RCE flaw CVE-2026-20841 Vulnerability exploited Markdown links to execute malicious code with user permissions Patch Tuesday update fixes issue; versions 11.2510 ...
heise online

AI Bot: OpenClaw (Moltbot) with high-risk code smuggling vulnerability

The AI bot OpenClaw, also known as Moltbot, can do a lot on user computers. A code smuggling vulnerability within it is therefore all the more serious. This is therefore a 1-click code smuggling ...