The Hacker News

Researchers Discover Critical GitHub CVE-2026-3854 RCE Flaw Exploitable via Single Git Push

CVE-2026-3854 (CVSS 8.7) enabled GitHub RCE via git push, risking cross-tenant access to millions of repositories.
CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who have found exploitable instances in many commercial services and open-source ...
CSOonline

Atlassian patches critical remote code execution vulnerabilities in multiple products

The company also releases advisories for high-severity data leaks and denial-of-service issues across multiple products, including Jira and Confluence. Atlassian has released urgent patches for ...