The Hacker News

Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign

Over 1,000 exposed ComfyUI instances exploited via unauthenticated code execution, enabling Monero mining and botnet expansion.
CSO Online

Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both

A simple prompt sent Claude Code on a mission that uncovered major security vulnerabilities in popular text editors — and ...

Hackers exploit critical flaw in Ninja Forms WordPress plugin

A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution.
CSOonline

Microsoft demonstrates remote code execution exploit against PLCs that support CODESYS

Researchers from Microsoft have demonstrated how programmable logic controllers (PLCs) that support the CODESYS runtime can be taken over by exploiting high-severity remote code execution (RCE) ...
SecurityWeek

Hackers Targeting Critical Ninja Forms Bug That Exposes WordPress Sites to Takeover

The vulnerability allows hackers to upload arbitrary files to a site’s server and achieve remote code execution.
Bleeping Computer

Cisco warns of critical switch bugs with public exploit code

Cisco warned customers today of four critical remote code execution vulnerabilities with public exploit code affecting multiple Small Business Series Switches. All four security flaws received almost ...
XDA Developers on MSN

Flatpak 1.16.4 patches a critical flaw that gave apps full host access

Grab the update as soon as you can.