The Hacker News

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

NGINX Rift CVE-2026-42945 scores 9.2 after 18 years, enabling unauthenticated RCE or DoS via crafted HTTP requests.
The Hacker News

NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE

A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days ...
Hosted on MSN

OpenClaw patches one-click RCE as security Whac-A-Mole continues

Security issues continue to pervade the OpenClaw ecosystem, formerly known as ClawdBot then Moltbot, as multiple projects patch bot takeover and remote code execution (RCE) exploits.… The initial hype ...
Dark Reading

Apache Tomcat RCE Vulnerability Under Fire With 2-Step Exploit

A vulnerability found in Apache Tomcat, tracked as CVE-2025-24813, is being actively exploited in the wild. The remote code execution (RCE) bug allows attackers to take over servers using a PUT API ...
CSO Online

Fortinet fixes two critical RCE flaws in FortiAuthenticator and FortiSandbox

The company — whose recent vulnerabilities have been hit with zero-day and n-day exploits — also released three patches for ...
TweakTown

Activision remove Call of Duty: WWII from Xbox Store after PC players were being hacked

TL;DR: Call of Duty: WWII PC players reported a Remote Command Execution (RCE) exploit allowing hackers to control their PCs mid-game, leading to malware risks. Following increased attacks after its ...