New sandbox escape flaw exposes n8n instances to RCE attacks

Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host.
The Hacker News

SolarWinds Fixes Four Critical Web Help Desk Flaws With Unauthenticated RCE and Auth Bypass

SolarWinds fixed six Web Help Desk vulnerabilities, including four critical flaws that allow unauthenticated remote code execution.
CSO Online

Critical RCE bugs expose the n8n automation platform to host‑level compromise

A JavaScript sandbox bug rated CVSS 9.9 enables attackers to bypass AST‑based protections, while a Python execution bypass ...
CSO Online

Critical bug in popular vm2 Node.js sandboxing library puts projects at risk

Sandbox escape vulnerability in vm2, used by nearly 900 NPM packages, allows attackers to bypass security protections and ...
MIT Technology Review

Rules fail at the prompt, succeed at the boundary

Put rules at the capability boundary: Use policy engines, identity systems, and tool permissions to determine what the agent ...
Que.com on MSN

China-linked hackers deploy PeckBirdy JavaScript C2 framework since 2023

Since 2023, multiple security investigations have highlighted a growing trend in which China-linked threat actors increasingly rely on lightweight, stealthy ...