Tag: vulnerability
-
Maximum Severity “Ni8mare” Bug Lets Hackers Hijack n8n Servers
A newly discovered vulnerability in authentication platform n8n could allow threat actors to take control of n8n servers First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/maximum-severity-ni8mare-bug/
-
Cisco warns of Identity Service Engine flaw with exploit code
Cisco has patched an ISE vulnerability with public proof-of-concept exploit code that can be abused by attackers with admin privileges. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-warns-of-identity-service-engine-flaw-with-exploit-code/
-
ownCloud Warns Users to Enable MFA After Credential Theft Incident
ownCloud has issued an urgent security advisory urging users to enable Multi-Factor Authentication (MFA) following a credential theft incident reported by threat intelligence firm Hudson Rock. The incident, discovered in January 2026, affected organizations using self-hosted file-sharing platforms, including some ownCloud Community Edition deployments. What Happened The incident did not result from any vulnerability or…
-
Global GoBruteforcer Botnet Campaign Threatens 50,000 Linux Servers
A sophisticated modular botnet known as GoBruteforcer is actively targeting Linux servers worldwide, with researchers estimating that more than 50,000 internet-facing servers remain vulnerable to these coordinated attacks. The threat, which has evolved significantly since its initial discovery in 2023, poses a growing danger to organizations that rely on exposed database and file-transfer services.”‹ GoBruteforcer,…
-
Cybercriminals Exploit VMware ESXi Vulnerabilities Using Zero-Day Toolset
Huntress security researchers have uncovered a sophisticated VMware ESXi exploitation campaign using a zero-day toolkit that remained undetected for over a year before VMware’s public disclosure. The December 2025 intrusion, which began through a compromised SonicWall VPN, demonstrates how threat actors are chaining multiple critical vulnerabilities to achieve complete hypervisor compromise. Attack Chain Begins With…
-
Cybercriminals Exploit VMware ESXi Vulnerabilities Using Zero-Day Toolset
Huntress security researchers have uncovered a sophisticated VMware ESXi exploitation campaign using a zero-day toolkit that remained undetected for over a year before VMware’s public disclosure. The December 2025 intrusion, which began through a compromised SonicWall VPN, demonstrates how threat actors are chaining multiple critical vulnerabilities to achieve complete hypervisor compromise. Attack Chain Begins With…
-
Linux Battery Utility Vulnerability Allows Authentication Bypass and System Tampering
Linux laptop users are being urged to update after a flaw in a popular battery optimisation tool was found to allow authentication bypass and system tampering. The vulnerability affects the TLP power profiles daemon introduced in version 1.9.0, which exposes aD-Bus APIfor managing power profiles with root privileges. How the flaw works TLP’s profiles daemon runs as…
-
2026 Schalter umlegen: Von der Reaktion zur Prävention
Tags: vulnerabilityNeue Technologien, neues Tempo: Die Kompetenzen der Cyberkriminellen entwickeln sich schneller denn je. 2026 werden Unternehmen deshalb einen grundlegenden Wandel vollziehen: weg von einer reaktiven Defensive hin zu proaktiver und präventiver Gefahrenabwehr. Zwingender Auslöser dieses Umschaltens sind Cyberkriminelle, die zunehmend Schwachstellen in Edge-Netzwerken ausnutzen sowie Living-off-the-Land-Techniken (LOTL) verwenden. Letztere zielen darauf ab, eine herkömmliche Abwehr……
-
CISA tags max severity HPE OneView flaw as actively exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a maximum-severity HPE OneView vulnerability as actively exploited in attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-tags-max-severity-hpe-oneview-flaw-as-actively-exploited/
-
GitLab Patches Multiple Flaws Allowing Arbitrary Code Execution
Linux administrators are being urged to update promptly after disclosures of multiple vulnerabilities in GitLab, including flaws that could enablecross-site scripting, authorization bypass, and denial of service inselfmanagedinstances. The latest patch releases, GitLab 18.7.1, 18.6.3, and 18.5.5, address these security issues alongside several bug fixes and dependency updates, and are already deployed on GitLab.com. GitLab…
-
New n8n Vulnerability (CVE-2026-21858) Allows Unauthenticated File Access and RCE
Cybersecurity researchers have disclosed a new critical flaw in the popular workflow automation platform n8n that could allow unauthenticated attackers to fully compromise vulnerable systems. The issue, tracked as CVE-2026-21858 and assigned a maximum CVSS score of 10.0, is being described as one of the most severe n8n vulnerabilities reported to date. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cve-2026-21858-n8n-webhook-vulnerability/
-
CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, injection, kev, microsoft, office, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.The vulnerabilities are listed below -CVE-2009-0556 (CVSS score: 8.8) – A code injection vulnerability in Microsoft Office First seen on thehackernews.com…
-
A Single Browser Flaw, Millions at Risk: What the Chrome WebView Vulnerability Teaches Us About Exposure Windows
Tags: android, application-security, browser, chrome, cybersecurity, flaw, google, malicious, risk, update, vulnerability, windowsA recent security update reveals that Google patched a high-severity Chrome WebView vulnerability that could allow attackers to bypass application security restrictions and execute malicious content within Android and enterprise applications, according to Cybersecurity News. Because Chrome WebView is embedded inside countless applications, the flaw expanded risk far beyond traditional browser usage. Many organizations were…
-
Holes in Veeam Backup suite allow remote code execution, creation of malicious backup config files
Tags: access, backup, credentials, cve, cvss, cybersecurity, data, exploit, jobs, malicious, monitoring, password, ransomware, remote-code-execution, risk, risk-management, sans, threat, update, veeam, vulnerabilityCVE-2025-59470 (with a CVSS score of 9) allows a Backup or Tape Operator to perform remote code execution (RCE) as the Postgres user by sending a malicious interval or order parameter;CVE-2025-59469 (with a severity score of 7.2) allows a Backup or Tape Operator to write files as root;CVE-2025-55125 (with a severity score of 7.2) allows a Backup…
-
How secure is your data with Agentic AI?
Are Non-Human Identities the Key to Unlocking Data Security with Agentic AI? Where data security is paramount, many organizations grapple with the potential vulnerabilities that Agentic AI might introduce if not managed properly. Central to this discussion is the role of Non-Human Identities (NHIs) and Secrets Security Management”, a subject demanding the attention of cybersecurity…
-
Ni8mare flaw gives unauthenticated control of n8n instances
A critical n8n flaw (CVE-2026-21858, CVSS 10.0), dubbed Ni8mare, allows unauthenticated attackers to fully take over vulnerable instances. Researchers uncovered a maximum severity n8n vulnerability, tracked as CVE-2026-21858 (CVSS score of 10.0). The flaw, dubbed Ni8mare by Cyera researchers who discovered the vulnerability, lets unauthenticated attackers fully compromise affected instances. n8n is a workflow automation…
-
Critical jsPDF flaw lets hackers steal secrets via generated PDFs
The jsPDF library for generating PDF documents in JavaScript applications is vulnerable to a critical vulnerability that allows an attacker to steal sensitive data from the local filesystem by including it in generated files. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-jspdf-flaw-lets-hackers-steal-secrets-via-generated-pdfs/
-
Critical n8n Vulnerability Allows Authenticated Remote Code Execution
A critical security vulnerability has been discovered in n8n, the popular workflow automation tool, potentially allowing authenticated attackers to execute arbitrary code on the host server. Identified as CVE-2026-21877, this high-severity vulnerability affects both self-hosted and n8n Cloud instances, posing a significant risk to organizations relying on the platform for business process automation. The vulnerability has…
-
TOTOLINK EX200 Extender Flaw Allows Attackers Full System Access
A critical security flaw has been discovered in the TOTOLINK EX200 Wi-Fi extender that allows attackers to gain complete control over the device. The vulnerability involves a logic error in how the device handles failedfirmwareupdates, inadvertently opening a backdoor with the highest possible privileges. Because the TOTOLINK EX200 is officially End-of-Life (EoL), the vendor has…
-
Malicious NPM Packages Deliver NodeCordRAT
IntroductionZscaler ThreatLabz regularly monitors the npm database for suspicious packages. In November 2025, ThreatLabz identified three malicious packages: bitcoin-main-lib, bitcoin-lib-js, and bip40. The bitcoin-main-lib and bitcoin-lib-js packages execute a postinstall.cjs script during installation, which installs bip40, the package that contains the malicious payload. This final payload, named NodeCordRAT by ThreatLabz, is a remote access trojan (RAT) with data-stealing capabilities. It is also possible to download bip40…
-
Critical RCE flaw allows full takeover of n8n AI workflow platform
Tags: ai, api, attack, authentication, cloud, credentials, data, email, exploit, flaw, leak, LLM, password, rce, remote-code-execution, threat, vulnerabilityformWebhook function used by n8n Form nodes to receive data doesn’t validate whether the Content-Type field of the POST request submitted by the user is set to multipart/form-data.Imagine a very common use case in which n8n has been used to build a chat interface that allows users to upload files to the system, for example,…
-
Critical n8n Vulnerability Enables Authenticated RCE
A critical n8n vulnerability allows authenticated users to execute arbitrary code, putting automation workflows at risk. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/critical-n8n-vulnerability-enables-authenticated-rce/
-
Malicious NPM Packages Deliver NodeCordRAT
IntroductionZscaler ThreatLabz regularly monitors the npm database for suspicious packages. In November 2025, ThreatLabz identified three malicious packages: bitcoin-main-lib, bitcoin-lib-js, and bip40. The bitcoin-main-lib and bitcoin-lib-js packages execute a postinstall.cjs script during installation, which installs bip40, the package that contains the malicious payload. This final payload, named NodeCordRAT by ThreatLabz, is a remote access trojan (RAT) with data-stealing capabilities. It is also possible to download bip40…
-
NDSS 2025 Automatic Insecurity: Exploring Email Auto-configuration In The Wild
Tags: attack, conference, credentials, cyber, email, Internet, network, technology, threat, vulnerabilitySession 8A: Email Security Authors, Creators & Presenters: Shushang Wen (School of Cyber Science and Technology, University of Science and Technology of China), Yiming Zhang (Tsinghua University), Yuxiang Shen (School of Cyber Science and Technology, University of Science and Technology of China), Bingyu Li (School of Cyber Science and Technology, Beihang University), Haixin Duan (Tsinghua…
-
Max severity Ni8mare flaw lets hackers hijack n8n servers
A maximum severity vulnerability dubbed “Ni8mare” allows remote, unauthenticated attackers to take control over locally deployed instances of the N8N workflow automation platform. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/max-severity-ni8mare-flaw-lets-hackers-hijack-n8n-servers/
-
Critical macOS Flaw Lets Attackers Bypass Apple Privacy Controls Without Consent
A newly disclosed macOS vulnerability bypasses Apple’s TCC privacy controls, allowing silent access to files, microphone data, and user activity. The post Critical macOS Flaw Lets Attackers Bypass Apple Privacy Controls Without Consent appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-macos-flaw-apple-privacy-controls/
-
Veeam issues patch to close critical remote code execution flaw
The vulnerability could let operator-level users run commands as database administrator. First seen on cyberscoop.com Jump to article: cyberscoop.com/veeam-backup-replication-security-flaw-remote-code-execution-fix/
-
Neue Ransomware-Bedrohung zielt auf deutsche Unternehmen
Tags: backup, ciso, cloud, cyberattack, encryption, extortion, firewall, germany, infrastructure, intelligence, network, ransomware, threat, tool, vmware, vulnerabilityDer Ransomware-Dienst Ransomhouse nutzt jetzt eine komplexe Dual-Schlüssel-Verschlüsselung und automatisierte Angriffe auf VMware ESXi.Sicherheitsexperten haben kürzlich festgestellt, dass die Ransomware-Gruppe Jolly Scorpius ihren RaaS-(Ransomware as a Service)-Dienst Ransomhouse massiv verbessert hat. Wie das Threat-Intelligence-Team von Palo Alto Networks berichtet, nutzt die Gruppe jetzt ein fortschrittliches duales Verschlüsselungssystem.Die Angriffe basieren auf einer aktualisierten Version des Verschlüsselungs-Trojaner…