The Hacker News

Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package

Active attacks exploit Metro4Shell (CVE-2025-11953) in React Native CLI to execute commands and deploy Rust malware.
Forbes

Microsoft Emergency Server Update Not Enough To Stop Attacks

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. Every security team’s nightmare came true over the weekend: a ...
Dexerto

Arc Raiders dev says it will “take action” against duping bug abusers following fix rollout

Arc Raiders’ item duplication exploit has remained active in the game following the game’s February 10 Shared Watch update.
Bleeping Computer

Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own

During the second day of Pwn2Own Berlin 2025, competitors earned $435,000 after exploiting zero-day bugs in multiple products, including Microsoft SharePoint, VMware ESXi, Oracle VirtualBox, Red Hat ...
Oklahoma's News

Xeris Uncovers Critical MCP Server Exploit Enabling Host Code Execution

TEL AVIV, ISRAEL, July 8, 2025 /EINPresswire.com/ -- Xeris, a pioneer in GenAI security, has revealed a new and dangerous attack vector dubbed the “MCP Server Host ...

Microsoft February 2026 Patch Tuesday fixes 6 zero-days, 58 flaws

Today is Microsoft' 2026 Patch Tuesday with security updates for 58 flaws, including 6 actively exploited and three publicly disclosed zero-day vulnerabilities.
SecurityWeek

6 Actively Exploited Zero-Days Patched by Microsoft With February 2026 Updates

Microsoft’s February 2026 Patch Tuesday updates fix 60 vulnerabilities, including six actively exploited zero-days.
AOL

Microsoft knew of SharePoint security flaw but failed to effectively patch it, timeline shows

LONDON (Reuters) -A security patch Microsoft released this month failed to fully fix a critical flaw in the U.S. tech giant's SharePoint server software, opening the door to a sweeping global cyber ...