The Hacker News

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

Claude Code flaws allow remote code execution and API key theft via untrusted repositories; three bugs fixed across 2025–2026 releases.

Inside the story of the US defense contractor who leaked hacking tools to Russia

The former boss of a U.S. hacking tools maker was jailed for selling highly sensitive software exploits to a Russian broker.
ZDNet

These 4 critical AI vulnerabilities are being exploited faster than defenders can respond

As AI adoption speeds ahead, major security flaws remain unsolved. Users and businesses should stay up to date on vulnerabilities. These four major issues still plague AI integration. AI systems are ...
Game Rant

ARC Raiders Players Find Yet Another Game-Breaking Exploit

After completing a degree in Film, Television, and Cultural Studies at Manchester Metropolitan University, I decided to pursue my love of writing and video games by entering the world of video game ...
GitHub

phamdinhquy2512/CVE-2025-6019-Exploitation

This repository documents an educational reproduction of CVE-2025-6019 performed in a controlled lab environment (Ubuntu VM, non-production). This research reproduces CVE-2025-6019 in a sandboxed ...
Dark Reading

Microsoft Patches 6 Actively Exploited Zero-Days

Attackers are already actively exploiting six of the 59 vulnerabilities Microsoft disclosed in its latest security update, meaning security teams will need to treat February's Patch Tuesday more as an ...
HotHardware

Microsoft Office Zero-Day Exploited Days After Emergency Patch, Update ASAP

Microsoft Office is victim to a critical zero-day exploit, and Russian hacker groups are already weaponizing it in destabilizing efforts toward the Ukrainian government. While Westerners and most ...
Ars Technica

Microsoft releases urgent Office patch. Russian-state hackers pounce.

Russian-state hackers wasted no time exploiting a critical Microsoft Office vulnerability that allowed them to compromise the devices inside diplomatic, maritime, and transport organizations in more ...
CSOonline

Russian hackers exploited a critical Office bug within days of disclosure

Within days of Microsoft patching a critical Office zero-day, the Russia-linked group “APT28” was already exploiting the flaw in a live campaign tracked as Operation Neusploit. Russia-linked attackers ...
Bleeping Computer

Hackers exploit critical React Native Metro bug to breach dev systems

Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native to deliver malicious payloads for Windows and Linux. On Windows, an ...
The Hacker News

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package. Despite more than a month after ...