A newly disclosed flaw in Anthropic’s Claude Desktop Extensions shows how a routine productivity feature can enable zero-click system compromise. LayerX researchers found that a single malicious ...

BeyondTrust warned customers to patch a critical security flaw in its Remote Support (RS) and Privileged Remote Access (PRA) software that could allow unauthenticated attackers to execute arbitrary ...

Google released a Chrome security update fixing two high-severity flaws that could enable code execution or crashes via malicious websites.

A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js library that, if successfully exploited, could allow attackers to run arbitrary code on the underlying operating ...

Anthropic PBC’s official Git Model Context Protocol server has several security vulnerabilities that can lead to arbitrary file access and, in some scenarios, full remote code execution triggered ...

A critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in arbitrary code execution under certain circumstances. The ...

New research revealed security weaknesses in the .NET Framework that allow attackers to execute code remotely by exploiting mishandling of Simple Object Access Protocol (SOAP) messages. The findings ...

Windows doesn’t offer a single switch to disable Exploit Protection completely. You can only disable individual mitigations system-wide or per app. We strongly recommend turning it off only for ...

I noticed that the ExecuterAgent executes LLM-generated Python and Bash code directly on the host machine using subprocess.Popen. This is a significant security risk. Beyond the danger of a buggy ...

Oasis Security has uncovered a flaw in the widely used AI-powered code editor Cursor that lets malicious repositories silently execute code the moment a developer opens them. According to a disclosure ...

As agents become integrated with more advanced functionality, such as code generation, you will see more Remote Code Execution (RCE)/Command Injection vulnerabilities in LLM applications. However, ...