The Hacker News

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers, deploying RATs and ...
The Register on MSN

n8n security woes roll on as new critical flaws bypass December fix

Patch meant to close a severe expression bug fails to stop attackers with workflow access Multiple newly disclosed bugs in ...
The Hacker News

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows

Critical n8n v CVE-2026-25049 allows authenticated workflow abuse to execute system commands and expose server data.
Technobezz on MSN

AWS fixed a critical CodeBuild flaw that exposed GitHub repositories

AWS patched a critical CodeBuild flaw that risked GitHub repository hijacking and potential supply chain attacks via the AWS ...
Infosecurity-magazine.com

Maximum Severity “Ni8mare” Bug Lets Hackers Hijack n8n Servers

Security experts have warned of a critical new vulnerability in popular AI workflow automation platform n8n that could enable adversaries to take over locally deployed instances and compromise ...
SiliconANGLE

Cyera researchers detail critical ‘Ni8mare’ vulnerability allowing full takeover of n8n instances

A new report out today from data security company Cyera Ltd. is warning that a recently discovered critical security vulnerability in workflow automation platform n8n is putting thousands of ...
TechRepublic

Windows Users at Risk as Critical Zoom Vulnerability Exploited

Windows users are in the crosshairs after a critical vulnerability in Zoom was actively exploited. The flaw, which affects multiple Zoom products on Windows, allows attackers to quietly escalate ...
TWCN Tech News

Microsoft Teams webhook 403 errors [Fix]

A 403 Forbidden error when posting to a Microsoft Teams incoming webhook indicates that the server received your request but explicitly refused authorization ...
CoinTelegraph

Hackers are exploiting a JavaScript library to plant crypto drainers

The React team published a fix on Dec. 3 and advises anyone using the react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack, to upgrade immediately. There has been a recent ...
CSOonline

Apache Tika hit by critical vulnerability thought to be patched months ago

A security flaw in the widely-used Apache Tika XML document extraction utility, originally made public last summer, is wider in scope and more serious than first thought, the project’s maintainers ...
Infosecurity-magazine.com

React.js Hit by Maximum-Severity 'React2Shell' Vulnerability

A critical remote code execution vulnerability in React.js has been identified. React.js is a JavaScript library for building fast, interactive user interfaces (UIs) using reusable components. The ...
American Banker

VPN vulnerability leads to data breaches at 70 banks

A ransomware attack on Marquis Software Solutions compromised the personal and financial data of hundreds of thousands of consumers across dozens of community banks and credit unions, highlighting the ...