- A critical vulnerability has been discovered in n8n, an open-source automation and workflow platform, that could allow authenticated users to execute arbitrary commands on vulnerable systems. The flaw, tracked as CVE-2025-68668, affects all n8n version…
- A critical path traversal vulnerability has been discovered in AdonisJS’s multipart file handling, potentially allowing remote attackers to write arbitrary files to server locations outside the intended upload directory. The vulnerability, tracke…
- Cyble Research and Intelligence Labs (CRIL) has identified a sophisticated, multi-stage attack campaign deploying a shared commodity loader across multiple threat actor groups. The operation demonstrates advanced operational security and represents a s…
- Apple’s accessibility framework has been found vulnerable to a critical Transparency, Consent, and Control (TCC) bypass that exposes sensitive user data and enables arbitrary AppleScript execution. Researchers have disclosed CVE-2025-43530, a vul…
- A critical supply chain vulnerability has been discovered affecting millions of developers using popular AI-powered IDEs, including Cursor, Windsurf, and Google Antigravity. Security researchers revealed that these coding environments were actively rec…
- Securonix threat researchers have uncovered a stealthy malware campaign, tracked as PHALT#BLYX, targeting the hospitality sector with a sophisticated “ClickFix” social engineering tactic. This ongoing campaign specifically targets European …
- Russian cybercriminals have laundered over $35 million in stolen cryptocurrency linked to the devastating 2022 LastPass breach, according to new forensic analysis by blockchain intelligence firm TRM Labs. The 2022 attack exposed encrypted password vaul…
- Threat researchers have uncovered a sophisticated attack campaign targeting FortiWeb web application firewalls across multiple continents, with adversaries deploying the Sliver command-and-control framework to establish persistent access and establish …
- A massive new botnet dubbed “Kimwolf” has infected over 2 million devices globally, transforming innocent users’ home internet connections into secret proxy nodes for cybercriminals. According to a new report by security firm Synthien…
- ProfileHound emerges as a specialized post-exploitation instrument for offensive security professionals seeking to identify high-value targets within Active Directory environments. The tool addresses a critical gap in red-team reconnaissance by enumera…


