The Hacker News

CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog

CISA adds an actively exploited SolarWinds Web Help Desk RCE flaw to KEV, ordering federal agencies to patch by February 2026 ...
Infosecurity Magazine

SolarWinds Web Help Desk Vulnerability Actively Exploited

A US security agency has warned SolarWinds Web Help Desk users that a remote code execution (RCE) vulnerability patched by the vendor last week is being actively exploited.
SecurityWeek

DockerDash Flaw in Docker AI Assistant Leads to RCE, Data Theft

The critical Docker Ask Gordon bug named DockerDash can be exploited via malicious metadata labels to compromise Docker ...
SecurityWeek

Fresh SolarWinds Vulnerability Exploited in Attacks

CISA warns that a fresh critical-severity SolarWinds vulnerability leading to unauthenticated RCE has been exploited in attacks.
The Hacker News

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

Active attacks exploit Metro4Shell (CVE-2025-11953) in React Native CLI to execute commands and deploy Rust malware.
Dark Reading

Google Looker Bugs Allow Cross-Tenant RCE, Data Exfil

Attackers could even have used one vulnerable Lookout user to gain access to other Google Cloud tenants' environments.
Que.com on MSN

SmarterMail patches critical unauthenticated RCE flaw rated CVSS 9.3

SmarterMail administrators have an urgent security update to prioritize: a critical unauthenticated remote code execution (RCE) vulnerability with a CVSS ...
The Register on MSN

OpenClaw patches one-click RCE as security Whac-A-Mole continues

Researchers disclose rapid exploit chain that let attackers run code via a single malicious web page Security issues continue ...
WinBuzzer

OpenClaw Security Fallout: 341 Malicious Skills and Enabling One-Click Remote Code Execution

OpenClaw has exposed users to critical security vulnerabilities, including CVE-2026-25253 enabling one-click remote code ...