Vulnerability A

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows

AndyC 5 February 2026

Ravie LakshmananFeb 05, 2026Workflow Automation / Vulnerability A new, critical security vulnerability has been disclosed in the n8n workflow automation...

CERT/CC Warns binary-parser Bug Allows Node.js Privilege-Level Code Execution

AndyC 21 January 2026

Ravie LakshmananJan 21, 2026Open Source / Vulnerability A security vulnerability has been disclosed in the popular binary-parser npm library that,...

OfferUp scammers are out in force: Here’s what you should know

AndyC 5 February 2026

The mobile marketplace app has a growing number of users, but not all of them are genuine. Watch out for these common scams. Phil Muncaster...

A slippery slope: Beware of Winter Olympics scams and other cyberthreats

AndyC 3 February 2026

Digital Security It’s snow joke – sporting events are a big draw for cybercriminals. Make sure you’re not on the losing side by following these...

A slippery slope: Beware of Winter Olympics scams and other cyberthreats

AndyC 3 February 2026

Digital Security It’s snow joke – sporting events are a big draw for cybercriminals. Make sure you’re not on the losing side by following these...

This month in security with Tony Anscombe – January 2026 edition

AndyC 31 January 2026

The year got off to a busy start, with January offering an early snapshot of the challenges that (not just) cybersecurity teams are likely to...

DynoWiper update: Technical analysis and attribution

AndyC 31 January 2026

In this blog post, we provide more technical details related to our previous DynoWiper publication. Key points of the report: ESET researchers identified new data-wiping...

Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan

AndyC 29 January 2026

ESET researchers have uncovered an Android spyware campaign leveraging romance scam tactics to target individuals in Pakistan. The campaign uses a malicious app posing as...