The Hacker News

MetInfo CMS CVE-2026-29014 Exploited for Remote Code Execution Attacks

MetInfo CMS flaw CVE-2026-29014 exploited after April 7 patch, enabling remote code execution and targeting 2,000 instances.
SecurityWeek

Critical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain Attacks

A critical remote code execution and supply chain vulnerability was recently discovered by researchers in Gemini CLI.
Morning Overview on MSN

GitHub patches critical remote code execution flaw in private repositories

GitHub has patched a high-severity remote code execution vulnerability that allowed anyone with push access to a private ...

Weaver E-cology critical bug exploited in attacks since March

Hackers have been exploiting a critical vulnerability (CVE-2026-22679) in the Weaver E-cology office automation since ...
Morning Overview on MSN

Microsoft patches GitHub’s worst vulnerability in years within two hours of disclosure — no exploitation found

A critical remote code execution flaw in GitHub was patched by Microsoft in roughly two hours after public disclosure, ...
The Hacker News

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

CVE-2026-3854 (CVSS 8.7) enabled GitHub RCE via git push, risking cross-tenant access to millions of repositories.
Bleeping Computer

Google links more Chinese hacking groups to React2Shell attacks

Over the weekend, Google's threat intelligence team linked five more Chinese hacking groups to attacks exploiting the maximum-severity "React2Shell" remote code execution vulnerability. Tracked as CVE ...
CSO Online

Riddled with flaws, serial-to-Ethernet converters endanger critical infrastructure

Remote terminal units, PLCs, PoS systems, and bedside patient monitors may be susceptible to remote code execution, ...