The Hacker News

vm2 Node.js Library Vulnerabilities Enable Sandbox Escape and Arbitrary Code Execution

CVE-2026-44009 (CVSS score: 9.8) - A vulnerability that allows sandbox escape via a null proto exception and permits an ...
SecurityWeek

Critical Gemini CLI Flaw Enabled Host Code Execution, Supply Chain Attacks

A critical remote code execution and supply chain vulnerability was recently discovered by researchers in Gemini CLI.
SecurityWeek

EnOcean SmartServer Flaws Expose Buildings to Remote Hacking

Vulnerabilities in EnOcean’s SmartServer IoT platform can be exploited to remotely hack building management systems.
Bleeping Computer

GIGABYTE Control Center vulnerable to arbitrary file write flaw

The GIGABYTE Control Center is vulnerable to an arbitrary file-write flaw that could allow a remote, unauthenticated attacker to access files on vulnerable hosts. The hardware maker says that ...