zlib: Critical security vulnerability allows code smuggling – no update yet

A critical vulnerability in the zlib library, included in many operating systems and programs, allows code smuggling.
The Hacker News

n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions

CVE-2026-21877, a critical authenticated RCE flaw with CVSS 10.0, fixed in version 1.121.3 after affecting earlier releases.
CSO Online

React2Shell: Anatomy of a max-severity flaw that sent shockwaves through the web

The explosive, easy-to-trigger vulnerability was exploited within hours of disclosure, exposing the risks of default ...
The Hacker News

Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication

Veeam patched four Backup & Replication flaws, including CVE-2025-59470 (CVSS 9.0) enabling RCE; update to version ...
InfoWorld

GitHub rolls out AI-powered fixes for code vulnerabilities

Copilot Autofix, a new addition to the GitHub Advanced Security service, analyzes vulnerabilities in code and offers code suggestions to help developers fix them. GitHub has unveiled Copilot Autofix, ...
Morningstar

OX Launches VibeSec to Prevent Vibe Code Vulnerabilities From Ever Being Generated

New platform redefines product security by embedding dynamic security context directly into AI code-generation agents while burning down existing backlogs Guided by live signals from each environment ...

Patch now! Attackers are targeting HPE OneView and PowerPoint

Attackers are exploiting a malicious code vulnerability in HPE OneView. PowerPoint is exclusively attacked on macOS.
InfoWorld

Open source code libraries suffer from vulnerabilities

A recent study found that more than a third of 1,261 open source libraries had a known vulnerability and about a quarter of the downloads were tainted A study of how 31 popular open source code ...