The two bugs impacted n8nβs sandbox mechanism and could be exploited via weaknesses in the AST sanitization logic.
The post N8n Vulnerabilities Could Lead to Remote Code Execution appeared first on SecurityWeek.
The four critical flaws could be exploited without authentication for remote code execution or authentication bypass.
The post SolarWinds Patches Critical Web Help Desk Vulnerabilities appeared first on SecurityWeek.
Russian and Chinese state-sponsored threat actors have been exploiting CVE-2025-8088 since July 2025.
The post APTs, Cybercriminals Widely Exploiting WinRAR Vulnerability appeared first on SecurityWeek.
Tracked as CVE-2026-24858, the bug allows attackers to log into devices registered to other FortiCloud accounts.
The post Fortinet Patches Exploited FortiCloud SSO Authentication Bypass appeared first on SecurityWeek.
A total of 12 vulnerabilities have been fixed in OpenSSL, all discovered by a single cybersecurity firm.
The post High-Severity Remote Code Execution Vulnerability Patched in OpenSSL appeared first on SecurityWeek.
The flaws allow threat actors to obtain root privileges or bypass authentication via Telnet and gain shell access as root.
The post Organizations Warned of Exploited Linux Vulnerabilities appeared first on SecurityWeek.
The vulnerability is tracked as CVE-2026-21509 and it can be exploited to bypass security features.Β
The post Microsoft Patches Office Zero-Day Likely Exploited in Targeted Attacks appeared first on SecurityWeek.
More than 20 vulnerabilities were found and patched in Dormakaba physical access control systems.
The post Access System Flaws Enabled Hackers to Unlock Doors at Major European Firms appeared first on SecurityWeek.
The critical-severity vulnerability can be exploited via crafted network packets for remote code execution.
The post 2024 VMware Flaw Now in Attackersβ Crosshairs appeared first on SecurityWeek.
Similar to recent FortiCloud single sign-on (SSO) login vulnerabilities, the attacks bypass authentication.
The post Fortinet Confirms FortiCloud SSO Exploitation Against Patched Devices appeared first on SecurityWeek.
Really interesting blog post from Anthropic:
In a recent evaluation of AI modelsβ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. This illustrates how barriers to the use of AI in relatively autonomous cyber workflows are rapidly coming down, and highlights the importance of security fundamentals like promptly patching known vulnerabilities.
[β¦]
A notable development during the testing of Claude Sonnet 4.5 is that the model can now succeed on a minority of the networks without the custom cyber toolkit needed by previous generations. In particular, Sonnet 4.5 can now exfiltrate all of the (simulated) personal information in a high-fidelity simulation of the Equifax data breachβΒone of the costliest cyber attacks in historyβΒusing only a Bash shell on a widely-available Kali Linux host (standard, open-source tools for penetration testing; not a custom toolkit). Sonnet 4.5 accomplishes this by instantly recognizing a publicized CVE and writing code to exploit it without needing to look it up or iterate on it. Recalling that the original Equifax breach happened by exploiting a publicized CVE that had not yet been patched, the prospect of highly competent and fast AI agents leveraging this approach underscores the pressing need for security best practices like prompt updates and patches.
Read the whole thing. Automatic exploitation will be a major change in cybersecurity. And things are happening fast. There have been significant developments since I wrote this in October.
CISA has added the Zimbra flaw to the KEV catalog along with three other bugs exploited in the wild.
The post Organizations Warned of Exploited Zimbra Collaboration Vulnerability appeared first on SecurityWeek.
Pwn2Own participants disclosed a total of 76 vulnerabilities during the three-day event.Β
The post Infotainment, EV Charger Exploits Earn Hackers $1M at Pwn2Own Automotive 2026 appeared first on SecurityWeek.
The exploitation of the authentication bypass vulnerability started two days after patches were released.
The post Fresh SmarterMail Flaw Exploited for Admin Access appeared first on SecurityWeek.
Hackers bypass the FortiCloud SSO login authentication to create new accounts and change device configurations.
The post New Wave of Attacks Targeting FortiGate Firewalls appeared first on SecurityWeek.
The startup will use the new funding to accelerate product development and deepen remediation capabilities.
The post Furl Raises $10 Million for Autonomous Vulnerability Remediation appeared first on SecurityWeek.
Fixes were rolled out for over two dozen vulnerabilities, including critical- and high-severity bugs.
The post Atlassian, GitLab, Zoom Release Security Patches appeared first on SecurityWeek.
Cisco has released patches for CVE-2026-20045, a critical vulnerability that can be exploited for unauthenticated remote code execution.
The post Hackers Targeting Cisco Unified CM Zero-DayΒ appeared first on SecurityWeek.
Oracleβs January 2026 CPU resolves roughly 230 unique vulnerabilities across more than 30 products.
The post Oracleβs First 2026 CPU Delivers 337 New Security Patches appeared first on SecurityWeek.
The two bugs, an arbitrary file read and an SSRF bug, can be exploited without user interaction to leak credentials, databases, and other data.
The post Chainlit Vulnerabilities May Leak Sensitive Information appeared first on SecurityWeek.
Login
