SecurityWeek

Hackers Exploit Langflow Vulnerability for Remote Code Execution

Hackers are exploiting CVE-2026-5027, a high-severity path traversal issue in Langflow, for remote code execution.
The Hacker News

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Splunk issued security updates for a critical CVSS 9.8 vulnerability in Splunk Enterprise that allows unauthenticated remote ...
SecurityWeek

New Windows Zero-Day Exploit ‘RoguePlanet’ Released

A security researcher has released RoguePlanet, a Windows zero-day exploit leading to local privilege escalation to SYSTEM.
The Hacker News

LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution

Three patched LangGraph flaws could let attackers chain SQL injection and unsafe deserialization for RCE in self-hosted ...

Malicious Hugging Face Models Could Trigger Remote Code Execution

A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI supply chain risks.

Gogs patches critical zero-day enabling remote code execution

Gogs has patched a critical security zero-day flaw that can allow attackers to compromise Internet-facing instances and ...

Microsoft Defender 'RoguePlanet' zero-day grants SYSTEM privileges

A security researcher has released a new Microsoft Defender zero-day exploit named "RoguePlanet" just hours after Microsoft ...
Windows Report

RoguePlanet Zero-Day Grants SYSTEM Privileges on Fully Patched Windows 11 Systems

A new Microsoft Defender zero-day called RoguePlanet reportedly grants SYSTEM privileges on fully patched Windows 10 and Windows 11 devices.
latesthackingnews.com

usbliter8 Exploit Achieves Code Execution in Apple’s Unpatchable SecureROM

Paradigm Shift has published a working exploit for Apple's A12 and A13 SecureROM. The flaw is in hardware, so no patch will ...