Microsoft

Developer-targeting campaign using malicious Next.js repositories

A developer-targeting campaign leveraged malicious Next.js repositories to trigger a covert RCE-to-C2 chain through standard ...
The Hacker News

Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution

Critical CVE-2026-2329 flaw in Grandstream GXP1600 VoIP phones enables unauthenticated RCE, call interception, and credential ...
TechRadar

This SmarterMail vulnerability allows Remote Code Execution - here's what we know

SmarterMail patched CVE-2025-52691, a maximum-severity RCE flaw allowing unauthenticated arbitrary file uploads Exploitation could let attackers deploy web shells or malware, steal data, and pivot ...

Microsoft plugs remote code vulnerability in Notepad app on Windows 11

Microsoft fixes a critical Notepad vulnerability in Windows 11 that could allow remote code execution via malicious Markdown files. Here are the details ...