The Hacker News

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

Claude Code flaws allow remote code execution and API key theft via untrusted repositories; three bugs fixed across 2025–2026 releases.

Mail2Shell zero-click attack lets hackers hijack FreeScout mail servers

A maximum severity vulnerability in the FreeScout helpdesk platform allows hackers to achieve remote code execution without any user interaction or authentication.

Trend Micro warns of critical Apex One code execution flaws

Trend Micro has patched two critical Apex One vulnerabilities that allow attackers to gain remote code execution (RCE) on vulnerable Windows systems.
GovInfoSecurity

Malicious Repo Files Could Hijack Claude Code Sessions

Check Point research found three critical flaws in Anthropic's Claude Code that allow attackers to execute arbitrary commands and steal API keys through repository ...
Infosecurity Magazine

Zero-Click FreeScout Bug Enables Remote Code Execution

Ox Security warns that Mail2Shell could enable threat actors to hijack FreeScout systems without user interaction ...
The Register on MSN

Notepad's new Markdown powers served with a side of remote code execution

Smug faces across all those who opposed the WordPad-ification of Microsoft's humble text editor Just months after Microsoft ...
Ars Technica

Hundreds of e-commerce sites hacked in supply-chain attack

Hundreds of e-commerce sites, at least one owned by a large multinational company, were backdoored by malware that executes malicious code inside the browsers of visitors, where it can steal payment ...
SecurityWeek

VMware Aria Operations Vulnerability Could Allow Remote Code Execution

Broadcom has released patches for several vulnerabilities affecting VMware Aria Operations, including high-severity flaws.

Super Nested Claude Code Offers Next Level Vibe Coding

Nested Claude Code runs parallel tasks through Tmux; auto-picks terminal count and routes input, with real-time activity logs ...