SecurityWeek

Critical Triofox Vulnerability Exploited in the Wild

A threat actor exploited a critical vulnerability in Triofox to obtain remote access to a vulnerable server and then achieve code execution.
TechSpot

Two critical flaws put 7-Zip users at risk of remote code execution

In a nutshell: The 7-Zip file archiver is a popular open-source alternative to paid programs like WinZip and WinRAR. Widely used by both organizations and individuals, it has also become a frequent ...
Bleeping Computer

TARmageddon flaw in abandoned Rust library enables RCE attacks

A high-severity vulnerability in the now-abandoned async-tar Rust library and its forks can be exploited to gain remote code execution on systems running unpatched software. Tracked as CVE-2025-62518, ...
Ars Technica

Claude Code gets a web version—but it’s the new sandboxing that really matters

Anthropic has added web and mobile interfaces for Claude Code, its immensely popular command-line interface (CLI) agentic AI coding tool. The web interface appears to be well-baked at launch, but the ...
Bleeping Computer

Hackers launch mass attacks exploiting outdated WordPress plugins

A widespread exploitation campaign is targeting WordPress websites with GutenKit and Hunk Companion plugins vulnerable to critical-severity, old security issues that can be used to achieve remote code ...
ZATAZ

7-Zip vulnerabilities: directory escape and remote execution

Two flaws in 7-Zip allow working-directory escape through symlinks inside malicious ZIPs. Update immediately or disable automatic extraction to mitigate risk. Two vulnerabilities, CVE-2025-11001 and ...
Infosecurity-magazine.com

Critical WatchGuard Fireware OS Flaw Enables Remote Code Execution

A critical vulnerability (CVSS4.0 9.3) in WatchGuard Fireware OS has been identified that could allow a threat actor to remotely execute arbitrary code. The bug, tracked as CVE-2025-9242, is an out-of ...
Hosted on MSN

Execution of Mississippi death row inmate will proceed, governor says

One win from first World Series, Mariners send Gilbert to mound in ALCS Game 6 at Toronto Trump wants to ‘end’ largest US infrastructure project, a tunnel between NY and NJ Country music star Mark ...
ExtremeTech

Anthropic’s Claude AI Can Now Learn Custom 'Skills'

Anthropic has announced a new functionality called "Skills" that aims to improve the Claude AI model's handling of specialized tasks across apps, code, and API environments. Each Skill functions like ...
VentureBeat

How Anthropic’s ‘Skills’ make Claude faster, cheaper, and more consistent for business workflows

Anthropic launched a new capability on Thursday that allows its Claude AI assistant to tap into specialized expertise on demand, marking the company's latest effort to make artificial intelligence ...
heise online

Microsoft WSUS: Emergency Update Patches Critical Code Injection Vulnerability

On Friday morning, Microsoft released an emergency update for a critical security vulnerability in WSUS. An exploit has been spotted. Microsoft released an out-of-band update for Windows Server Update ...