Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution
Ravie LakshmananJan 28, 2026Vulnerability / Workflow Automation Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation...
disclosed
ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services
Cybersecurity researchers have disclosed details of a new campaign that combines ClickFix-style fake CAPTCHAs with a signed Microsoft Application Virtualization...
Critical Grist-Core Vulnerability Allows RCE Attacks via Spreadsheet Formulas
Ravie LakshmananJan 27, 2026Vulnerability / Cloud Security A critical security flaw has been disclosed in Grist‑Core, an open-source, self-hosted version...
Anthropic, Microsoft MCP Server Flaws Shine a Light on AI Security Risks
Vulnerabilities disclosed this week in MCP servers from Anthropic and Microsoft put a spotlight on security concerns about a protocol...
Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access
Ravie LakshmananJan 23, 2026Email Security / Endpoint Security Cybersecurity researchers have disclosed details of a new dual-vector campaign that leverages...
New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack
Cybersecurity researchers have disclosed details of a new ransomware family called Osiris that targeted a major food service franchisee operator...
Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access
Ravie LakshmananJan 22, 2026Vulnerability / Linux A critical security flaw has been disclosed in the GNU InetUtils telnet daemon (telnetd)...
CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution
Ravie LakshmananJan 21, 2026Open Source / Vulnerability A security vulnerability has been disclosed in the popular binary-parser npm library that,...
Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution
Ravie LakshmananJan 20, 2026Vulnerability / Artificial Intelligence A set of three security vulnerabilities has been disclosed in mcp-server-git, the official...
Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto
Ravie LakshmananJan 20, 2026Cloud Security / Developer Security Cybersecurity researchers have disclosed details of a malware campaign that's targeting software...
