Communications of the ACM

Safe Coding

Safe coding is a collection of software design practices and patterns that allow for cost-effectively achieving a high degree ...

Notepad++: Security update against code smuggling vulnerability

Notepad++ improves security mechanisms and closes a new vulnerability that allows attackers to execute malicious code.
Security Boulevard

Top Security Incidents of 2025: Chrome Browser 0-Day Vulnerability Exploitation

Background In March 2025, cybersecurity researchers disclosed a highly sophisticated targeted attack campaign named “Operation ForumTroll.” Orchestrated by an unidentified state-sponsored APT group, ...
TechRepublic

10K Claude Desktop Users Exposed by Zero-Click Vulnerability

A newly disclosed flaw in Anthropic’s Claude Desktop Extensions shows how a routine productivity feature can enable zero-click system compromise. LayerX researchers found that a single malicious ...
TechRepublic

arbitrary code execution

Google released a Chrome security update fixing two high-severity flaws that could enable code execution or crashes via malicious websites. Explore Get the web's best ...
SecurityWeek

N8n Vulnerabilities Could Lead to Remote Code Execution

The two bugs impacted n8n’s sandbox mechanism and could be exploited via weaknesses in the AST sanitization logic. Two critical- and high-severity vulnerabilities in the n8n AI workflow automation ...
CSOonline

Critical RCE bugs expose the n8n automation platform to host‑level compromise

A JavaScript sandbox bug rated CVSS 9.9 enables attackers to bypass AST‑based protections, while a Python execution bypass affects internal‑mode deployments common in enterprise setups. Two critical ...
The Hacker News

Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution

A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating ...
SiliconANGLE

Anthropic’s official Git MCP server hit by chained flaws that enable file access and code ...

Anthropic PBC’s official Git Model Context Protocol server has several security vulnerabilities that can lead to arbitrary file access and, in some scenarios, full remote code execution triggered ...
The Hacker News

Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances

A critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in arbitrary code execution under certain circumstances. The ...
SecurityWeek

Ivanti EPM Update Patches Critical Remote Code Execution Flaw

The XSS vulnerability could allow remote attackers to execute arbitrary JavaScript code with administrator privileges. Ivanti on Tuesday announced patches for four vulnerabilities in Endpoint Manager ...
bitnewsbot

Critical SOAPwn Flaw Enables Remote Code Execution in .NET Apps

New research revealed security weaknesses in the .NET Framework that allow attackers to execute code remotely by exploiting mishandling of Simple Object Access Protocol (SOAP) messages. The findings ...