The Hacker News

Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution

Critical CVE-2026-2329 flaw in Grandstream GXP1600 VoIP phones enables unauthenticated RCE, call interception, and credential ...
Dark Reading

Researchers Release Details of New RCE Exploit Chain for SharePoint

Researchers who discovered two critical vulnerabilities in Microsoft SharePoint Server have released details of an exploit they developed that chains the two vulnerabilities together to enable remote ...
Dark Reading

Apache Tomcat RCE Vulnerability Under Fire With 2-Step Exploit

A vulnerability found in Apache Tomcat, tracked as CVE-2025-24813, is being actively exploited in the wild. The remote code execution (RCE) bug allows attackers to take over servers using a PUT API ...
Bleeping Computer

Exploit released for Fortinet RCE bug used in attacks, patch now

Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited ...
Infosecurity-magazine.com

Hackers Target Atlassian Confluence With RCE Exploits

Security experts are observing attempts to exploit the remote code execution (RCE) vulnerability CVE-2023-22527 affecting outdated Atlassian Confluence servers. The company disclosed the flaw last ...
GosuGamers

Call of Duty: WWII pulled from Xbox PC Game Pass amid RCE exploit chaos

The Xbox PC release was probably supposed to be a quiet drop, but what players got instead were pop-ups, downloads, and a lawyer’s face on their desktop. Activision has removed Call of Duty: WWII from ...