CSOonline

Notepad++ vulnerabilities could enable arbitrary code execution on Windows systems

Two flaws in the widely used open-source editor can be triggered through manipulated configuration files, prompting security updates from the project's maintainers. Two arbitrary code execution ...
Bleeping Computer

DrayTek warns of remote code execution bug in Vigor routers

Networking hardware maker DrayTek released an advisory to warn about a security vulnerability in several Vigor router models that could allow remote, unauthenticated actors to execute perform ...

Microsoft warns AI agents are being 'AutoJack'-ed to deliver RCE payloads

Three minor vulnerabilities chained together can cause a lot of trouble but Microsoft fixed it on time.
CSOonline

Cursor’s autorun lets hackers execute arbitrary code

Oasis Security has uncovered a flaw in the widely used AI-powered code editor Cursor that lets malicious repositories silently execute code the moment a developer opens them. According to a disclosure ...
Bleeping Computer

Critical vm2 sandbox bug lets attackers execute code on hosts

A critical vulnerability in the popular Node.js sandboxing library vm2 allows escaping the sandbox and executing arbitrary code on the host system. The security issue is tracked as CVE-2026-26956 and ...
SDxCentral

VU#148244: PandasAI interactive prompt function can be exploited to run arbitrary Python code through prompt injection, which can lead to remote code execution (RCE)

PandasAI, an open source project by SinaptikAI, has been found vulnerable to Prompt Injection attacks. An attacker with access to the chat prompt can craft malicious input that is interpreted as code, ...