[ZDI-26-124|CVE-2025-15060] claude-hovercraft executeClaudeCode Command Injection Remote Code Execution Vulnerability (CVSS 9.8; Credit: Peter Girnus of Trend Research) https://zerodayinitiative.com/advisories/ZDI-26-124/
thezdi@infosec.exchange
Posts
- Heading to the #[un]prompted conference next week? Be sure to catch @gothburz's talk on "FENRIR: AI Hunting for AI Zero-Days at Scale". His talk shows how FENRIR has detected over 100+ CVEs since mid-2025. Don't miss it. unpromptedcon.org
- CVE-2026-20841: Arbitrary Code Execution in the Windows Notepad - The TrendAI Research team takes a deep dive into this recently patched file parsing bug to show you root cause, source code walk through, and provide detection guidance. Read the details at https://www.zerodayinitiative.com/blog/2026/2/19/cve-2026-20841-arbitrary-code-execution-in-the-windows-notepad
- Microsoft report six(!) exploits in the wild while Adobe has a small (and relatively quiet) month. Join @TheDustinChilds from Tokyo as he breaks down the release and shows you what to watch for. https://www.zerodayinitiative.com/blog/2026/2/10/the-february-2026-security-update-review
- Confirmed! Daan Keuper, Thijs Alkemade and Khaled Nassar of Computest Sector 7 used a 2-bug chain to exploit the ChargePoint Home Flex. #Pwn2Own