The Hacker News

Claude Code Flaws Allow Remote Code Execution and API Key Exfiltration

Claude Code flaws allow remote code execution and API key theft via untrusted repositories; three bugs fixed across 2025–2026 releases.
TechJuice

Researchers Claim Malicious Repositories Turn Claude Code Into an Ideal Hacker’s Tool

Security researchers disclose critical vulnerabilities in Anthropic’s Claude Code that allow remote code execution and credential theft.

Google patches first Chrome zero-day of the year - so update now

A worrying Google Chrome bug was patched ...
WinBuzzer

10,000+ Claude Desktop Users Exposed by Zero-Click Flaw

A zero-click vulnerability in Claude Desktop Extensions has exposed over 10,000 users to remote code execution through ...
SecurityWeek

VMware Aria Operations Vulnerability Could Allow Remote Code Execution

Broadcom has released patches for several vulnerabilities affecting VMware Aria Operations, including high-severity flaws.
SDxCentral

VU#148244: PandasAI interactive prompt function can be exploited to run arbitrary Python code through prompt injection, which can lead to remote code execution (RCE)

PandasAI, an open source project by SinaptikAI, has been found vulnerable to Prompt Injection attacks. An attacker with access to the chat prompt can craft malicious input that is interpreted as code, ...