The Hacker News

Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution

Critical CVE-2026-2329 flaw in Grandstream GXP1600 VoIP phones enables unauthenticated RCE, call interception, and credential theft.
Que.com on MSN

Docker patches critical 'Ask Gordon AI' flaw enabling code execution

Docker has released security fixes for a critical vulnerability affecting its AI-assisted feature known as Ask Gordon. The issue could ...
The Hacker News

Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution

Fortinet fixes critical FortiClientEMS SQL injection flaw (CVSS 9.1) enabling code execution; separate SSO bug actively exploited.
CSOonline

Gladinet servers file-sharing servers allow remote code execution

Enterprises relying on Gladinet’s file-sharing services are faced with another round of zero-day patching, this time to block attackers from abusing cryptographic keys directly baked into its ...
Security Boulevard

Update Chrome now: Zero-day bug allows code execution via malicious webpages

Google has released an emergency update to patch an actively exploited zero-day—the first Chrome zero-day of the year.

arbitrary code execution

Google released a Chrome security update fixing two high-severity flaws that could enable code execution or crashes via malicious websites.