The Hacker News

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025

Adobe Reader zero-day exploited since Dec 2025 via malicious PDFs, enabling data theft and potential RCE, prompting urgent ...
SecurityWeek

Hackers Targeting Ninja Forms Vulnerability That Exposes WordPress Sites to Takeover

Hackers have been targeting a critical file upload flaw in an addon for the Ninja Forms WordPress plugin that leads to remote ...
SecurityWeek

Adobe Reader Zero-Day Exploited for Months: Researcher

A researcher has come across what appears to be an actively exploited Adobe Acrobat and Reader zero-day vulnerability.

13-year-old bug in ActiveMQ lets hackers remotely execute commands

Security researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone ...

Hackers now exploit critical F5 BIG-IP flaw in attacks, patch now

F5 has reclassified a BIG-IP APM denial-of-service (DoS) vulnerability as a critical-severity remote code execution (RCE) flaw, warning that attackers are exploiting it to deploy webshells on ...
techtimes

Microsoft Releases Patches For Zero-Day Exploits, Remote Code Execution Vulnerabilities, and More

Microsoft has addressed several fixes for zero-day flaws and other vulnerabilities on Tuesday, Dec. 14 for its last round of patches before the year ends. The tech giant indicated that it has solved ...
Security Boulevard

CVE-2026-20963: SharePoint Deserialization Remote Code Execution Vulnerability

Microsoft SharePoint, a core platform for enterprise collaboration, is facing active exploitation through a newly confirmed vulnerability, tracked as CVE-2026-20963. Rooted in unsafe deserialization ...
CSOonline

Microsoft demonstrates remote code execution exploit against PLCs that support CODESYS

Researchers from Microsoft have demonstrated how programmable logic controllers (PLCs) that support the CODESYS runtime can be taken over by exploiting high-severity remote code execution (RCE) ...
Security Boulevard

Microsoft’s March Security Update of High-Risk Vulnerability Notice for Multiple Products

Overview On March 11, NSFOCUS CERT detected that Microsoft released the March Security Update patch, which fixed 83 security issues involving widely used products such as Windows, Microsoft Office, ...
Searchenginejournal.com

WordPress Elementor Plugin Remote Code Execution Vulnerability

A vulnerability was discovered in Elementor, starting with version 3.6.0, that allows an attacker to upload arbitrary code and stage a full site takeover. The flaw was introduced through a lack of ...
Digital Journal

Microsoft’s SharePoint server remote code execution zero-day vulnerability

Microsoft has released its August 2025 Patch package, a cumulative set of updates addressing more than 100 vulnerabilities across a host of its products. Microsoft’s SharePoint Server Remote Code ...
ZDNet

Code execution exploit dings iPhone

Apple's iPhone has failed the security smell test. Researchers at Security Evaluators have found what is believed to be the first remote code execution flaw affecting the device -- a bug that can be ...