Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution
Ravie LakshmananJan 28, 2026Vulnerability / Workflow Automation Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation...
Hacking
Category Added in a WPeMatico Campaign
From Triage to Threat Hunts: How AI Accelerates SecOps
If you work in security operations, the concept of the AI SOC agent is likely familiar. Early narratives promised total...
Critical vm2 Node.js Flaw Allows Sandbox Escape and Arbitrary Code Execution
Ravie LakshmananJan 28, 2026Vulnerability / Open Source A critical sandbox escape vulnerability has been disclosed in the popular vm2 Node.js...
Password Reuse in Disguise: An Often-Missed Risky Workaround
When security teams discuss credential-related risk, the focus typically falls on threats such as phishing, malware, or ransomware. These attack...
Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088
Ravie LakshmananJan 28, 2026Vulnerability / Threat Intelligence Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially...
Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan
Ravie LakshmananJan 28, 2026Supply Chain Security / Malware Cybersecurity researchers have discovered two malicious packages in the Python Package Index...
Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected
Ravie LakshmananJan 28, 2026Network Security / Zero-Day Fortinet has begun releasing security updates to address a critical flaw impacting FortiOS...
WhatsApp Rolls Out Lockdown-Style Security Mode to Protect Targeted Users From Spyware
Ravie LakshmananJan 27, 2026Mobile Security / Spyware Meta on Tuesday announced it's adding Strict Account Settings on WhatsApp to secure...
Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities
Ravie LakshmananJan 27, 2026Threat Intelligence / Cyber Espionage Indian government entities have been targeted in two campaigns undertaken by a...
ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services
Cybersecurity researchers have disclosed details of a new campaign that combines ClickFix-style fake CAPTCHAs with a signed Microsoft Application Virtualization...
CTEM in Practice: Prioritization, Validation, and Outcomes That Matter
The Hacker NewsJan 27, 2026Attack Surface Management / Cyber Risk Cybersecurity teams increasingly want to move beyond looking at threats...
Microsoft Office Zero-Day (CVE-2026-21509) – Emergency Patch Issued for Active Exploitation
Ravie LakshmananJan 27, 2026Zero-Day / Vulnerability Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability...
Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas
Ravie LakshmananJan 27, 2026Vulnerability / Cloud Security A critical security flaw has been disclosed in Grist‑Core, an open-source, self-hosted version...
China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023
Ravie LakshmananJan 27, 2026Web Security / Malware Cybersecurity researchers have discovered a JScript-based command-and-control (C2) framework called PeckBirdy that has...
Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware
Ravie LakshmananJan 26, 2026Cyber Espionage / Malware Cybersecurity researchers have discovered an ongoing campaign that's targeting Indian users with a...
