The Hacker News

Critical Gogs RCE Vulnerability Lets Any Authenticated User Execute Arbitrary Code

A critical security vulnerability has been disclosed in Gogs, a popular open-source self-hosted Git service, that allows an ...
Morning Overview on MSN

An 18-year-old heap buffer overflow in NGINX gives attackers remote code execution — billions of devices run the affected module

A single rewrite rule, the kind pasted into NGINX configurations thousands of times a day, can hand an unauthenticated ...
InfoWorld

13 new critical holes in JavaScript sandbox allow execution of arbitrary code

Thirteen critical vulnerabilities have been found in the vm2 JavaScript sandbox package that could allow an attacker’s code to escape the container and do nasty things to IT environments. As a result, ...
Dark Reading

'TrustFall' Convention Exposes Claude Code Execution Risk

Developers using the latest versions of AI coding tools like Claude Code, Cursor CLI, Gemini CLI, and CoPilot CLI could inadvertently execute malicious code on their systems with a single keypress, or ...
The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

A dozen critical security vulnerabilities have been disclosed in the vm2 Node.js library that could be exploited by bad actors to break out of the sandbox and execute arbitrary code on susceptible ...
Bleeping Computer

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system. The security issue is tracked as CVE-2026-26956 and ...
Austin American-Statesman

What to know about James Broadnax’s case before his execution in Texas

A Texas death row inmate is scheduled to be executed Thursday unless the U.S. Supreme Court intervenes at the last minute. Here’s what to know about the case of James Broadnax and his final appeal.
The Verge

GitHub rushed to fix a critical vulnerability in less than six hours

A critical remote code execution vulnerability was discovered using an AI model and patched within hours. A critical remote code execution vulnerability was discovered using an AI model and patched ...
Tampa Bay Times

Florida death row inmate says he’s innocent. His execution is scheduled Thursday

James Hitchcock has lived under a death sentence for nearly half a century. On Thursday, the U.S. Supreme Court declined to stay his execution. James Hitchcock appears in Florida prison mug shots ...
Dark Reading

Google Fixes Critical RCE Flaw in AI-Based 'Antigravity' Tool

Google has fixed a critical flaw in its agentic integrated developer environment (IDE) Antigravity that led to sandbox escape and remote code execution (RCE) after researchers created a proof of ...
InfoQ

Cloudflare Launches Code Mode MCP Server to Optimize Token Usage for AI Agents

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...