The Hacker News

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

Two critical n8n flaws (CVSS 9.4, 9.5) enable RCE via expression sandbox escape and public forms, risking credential exposure ...

Chrome emergency update: Two attacked code-injection vulnerabilities patched

Google released an emergency update for Chrome on Friday night. It patches two security vulnerabilities that were attacked on the internet.
ZDNet

23andMe and JFrog partner to solve code injection vulnerability

Security researchers at JFrog worked with biotechnology company 23andMe to address a vulnerability with Yamale, a tool written by the company and used by over 200 repositories. The smartest companies ...

SAP Patch Day: NetWeaver vulnerability allows code injection

In March, SAP addresses partly critical security vulnerabilities in various products in 15 advisories. Admins must act.
TechJuice

Researchers Claim Malicious Repositories Turn Claude Code Into an Ideal Hacker’s Tool

Security researchers disclose critical vulnerabilities in Anthropic’s Claude Code that allow remote code execution and credential theft.
Hosted on MSN

CISA flags actively exploited Office relic alongside fresh HPE flaw

CISA has added a pair of security holes to its actively exploited list, warning that attackers are now abusing a maximum-severity bug in HPE's OneView management software and a years-old flaw in ...
SDxCentral

VU#148244: PandasAI interactive prompt function can be exploited to run arbitrary Python code through prompt injection, which can lead to remote code execution (RCE)

PandasAI, an open source project by SinaptikAI, has been found vulnerable to Prompt Injection attacks. An attacker with access to the chat prompt can craft malicious input that is interpreted as code, ...