The Hacker News

Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices

SAP patches two critical flaws (CVSS 9.8, 9.1) affecting FS-QUO and NetWeaver, preventing remote code execution risks in enterprise systems.
The Hacker News

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

Two critical n8n flaws (CVSS 9.4, 9.5) enable RCE via expression sandbox escape and public forms, risking credential exposure.

Chrome emergency update: Two attacked code-injection vulnerabilities patched

Google released an emergency update for Chrome on Friday night. It patches two security vulnerabilities that were attacked on the internet.

SAP Patch Day: NetWeaver vulnerability allows code injection

In March, SAP addresses partly critical security vulnerabilities in various products in 15 advisories. Admins must act.
TechJuice

Researchers Claim Malicious Repositories Turn Claude Code Into an Ideal Hacker’s Tool

Security researchers disclose critical vulnerabilities in Anthropic’s Claude Code that allow remote code execution and credential theft.
ZDNet

23andMe and JFrog partner to solve code injection vulnerability

Security researchers at JFrog worked with biotechnology company 23andMe to address a vulnerability with Yamale, a tool written by the company and used by over 200 repositories. The smartest companies ...
Hosted on MSN

CISA flags actively exploited Office relic alongside fresh HPE flaw

CISA has added a pair of security holes to its actively exploited list, warning that attackers are now abusing a maximum-severity bug in HPE's OneView management software and a years-old flaw in ...