Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution
Ravie LakshmananJan 28, 2026Vulnerability / Workflow Automation Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation...
have
Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan
Ravie LakshmananJan 28, 2026Supply Chain Security / Malware Cybersecurity researchers have discovered two malicious packages in the Python Package Index...
Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities
Ravie LakshmananJan 27, 2026Threat Intelligence / Cyber Espionage Indian government entities have been targeted in two campaigns undertaken by a...
ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services
Cybersecurity researchers have disclosed details of a new campaign that combines ClickFix-style fake CAPTCHAs with a signed Microsoft Application Virtualization...
Microsoft’s Patch Fixes Are Breaking Windows, Forcing a Second Emergency Update
Image: Clint Patterson/Unsplash Microsoft’s own fixes have become its biggest problem, forcing the company to issue a second emergency patch...
Beyond MFA: Building true resilience against identity-based attacks
Multi-factor authentication (MFA) remains a cornerstone of cybersecurity, but attackers have learned find workarounds.As identity-driven attacks continue to rise, organizations...
China-Linked Hackers Have Used the PeckBirdy JavaScript C2 Framework Since 2023
Ravie LakshmananJan 27, 2026Web Security / Malware Cybersecurity researchers have discovered a JScript-based command-and-control (C2) framework called PeckBirdy that has...
Indian Users Targeted in Tax Phishing Campaign Delivering Blackmoon Malware
Ravie LakshmananJan 26, 2026Cyber Espionage / Malware Cybersecurity researchers have discovered an ongoing campaign that's targeting Indian users with a...
Malicious VS Code AI Extensions with 1.5 Million Installs Steal Developer Source Code
Ravie LakshmananJan 26, 2026AI Security / Vulnerability Cybersecurity researchers have discovered two malicious Microsoft Visual Studio Code (VS Code) extensions...
OpenAI’s GPT is getting better at mathematics
Math problems have long proven difficult for AI. Scientists have speculated that this could be because AI systems can’t recognize...
Microsoft releases second out-of-band fix for Windows in a week
Outlook users have reported difficulties with Microsoft’s January Patch Tuesday updates, forcing Microsoft, once again, to patch some of its...
ESET Research: Sandworm behind cyberattack on Poland’s power grid in late 2025
ESET Research The attack involved data-wiping malware that ESET researchers have now analyzed and named DynoWiper ESET Research 23 Jan...
Okta Uncovers Custom Phishing Kits Built for Vishing Callers
Image: Unsplash Phone scammers have achieved an unwelcome breakthrough, combining traditional phishing websites with real-time voice manipulation in ways that...
How ASPM Protects Cloud-Native Applications from Misconfigurations and Exploits
Cloud-native applications have changed how businesses build and scale software. Microservices, containers, and serverless architectures enable faster and more flexible...
Phishing Attack Uses Stolen Credentials to Install LogMeIn RMM for Persistent Access
Ravie LakshmananJan 23, 2026Email Security / Endpoint Security Cybersecurity researchers have disclosed details of a new dual-vector campaign that leverages...
