The Hacker News

Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution

Critical CVE-2026-2329 flaw in Grandstream GXP1600 VoIP phones enables unauthenticated RCE, call interception, and credential ...

Moonwell hit by $1.78M exploit as AI vibe coding debate reaches DeFi

Moonwell’s $1.78 million oracle mispricing exploit is reigniting debate over “vibe-coded” smart contracts and how AI tools like Claude Opus 4.6 should be governed in DeFi development.
CSO Online

Flaws in four popular VS Code extensions left 128 million installs open to attack

Three of the four vulnerabilities remained unpatched months after OX Security reported them to the maintainers.

Flaws in popular VSCode extensions expose developers to attacks

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...