1010.cx – Page 103 – cybersecurity / defense / intelligence

Critical n8n Vulnerability Exposes 103,000+ Automation Instances to RCE Attacks

·

CVE/vulnerability, cyber security, Cyber Security News, vulnerability

A critical remote code execution vulnerability in n8n, a popular open-source workflow automation platform, threatens over 103,000 potentially vulnerable instances worldwide. Tracked as CVE-2025-68613 with a maximum CVSS severity score of 9.9, the flaw allows authenticated attackers to execute arbitrary code with n8n process privileges, risking complete instance compromise. Field Description CVE-ID CVE-2025-68613 CVSS Score […]

The post Critical n8n Vulnerability Exposes 103,000+ Automation Instances to RCE Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Threat Actors Impersonate Korean TV Writers to Deliver Malware

·

cyber security, Cyber Security News, Malware

North Korean-backed threat actors are impersonating writers from major Korean broadcasting companies to deliver malicious documents and establish initial access to targeted systems, according to threat intelligence research by Genians Security Center. The “Artemis” campaign, attributed to the APT37 group, combines social engineering with sophisticated technical evasion techniques to bypass endpoint defenses. The attack begins […]

The post Threat Actors Impersonate Korean TV Writers to Deliver Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
MacSync Stealer Malware Targets macOS Users Through Digitally Signed Apps

·

cyber security, Cyber Security News, macOS, Malware

Jamf Threat Labs has uncovered a new MacSync Stealer campaign that significantly raises the bar for macOS malware delivery by abusing Apple’s own trust mechanisms. The latest variant is delivered as a fully code‑signed and notarized Swift application, allowing it to masquerade as legitimate software while executing a stealthy, multi‑stage infostealing routine in the background. […]

The post MacSync Stealer Malware Targets macOS Users Through Digitally Signed Apps appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Spotify Music Library Targeted as Hacktivists Scrape 86 Million Files

·

cyber security, Cyber Security News, Data Breach

Anna’s Archive, a prominent digital preservation platform, has announced the largest unauthorized extraction of Spotify music data ever recorded. The hacktivist group scraped approximately 86 million songs from the streaming service, representing nearly 99.6% of all user listening activity on the platform. The collection, totaling just under 300TB, includes metadata for an estimated 99.9% of […]

The post Spotify Music Library Targeted as Hacktivists Scrape 86 Million Files appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
U.S. DoJ Seizes Fraud Domain Behind $14.6 Million Bank Account Takeover Scheme

·

The U.S. Justice Department (DoJ) on Monday announced the seizure of a web domain and database that it said was used to further a criminal scheme designed to target and defraud Americans by means of bank account takeover fraud. The domain in question, web3adspanels[.]org, was used as a backend web panel to host and manipulate illegally harvested bank login credentials. Users to the website are

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances

·

A critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in arbitrary code execution under certain circumstances. The vulnerability, tracked as CVE-2025-68613, carries a CVSS score of 9.9 out of a maximum of 10.0. The package has about 57,000 weekly downloads, according to statistics on npm. “Under certain

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Fake VPN Chrome Extensions Steal Credentials by Intercepting User Traffic

·

cyber security, Cyber Security News, VPN

Socket’s Threat Research Team has exposed a sophisticated credential-harvesting campaign that has operated through malicious Chrome extensions since 2017. Two variants of an extension named Phantom Shuttle (幻影穿梭), published under the threat actor email theknewone.com@gmail.com, have compromised over 2,180 users by masquerading as legitimate network testing tools while executing complete traffic interception and credential theft. The extensions market […]

The post Fake VPN Chrome Extensions Steal Credentials by Intercepting User Traffic appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
PoC Exploit Released for Critical n8n RCE Vulnerability

·

CVE/vulnerability, cyber security, Cyber Security News, vulnerability

Security researchers have confirmed the release of proof-of-concept (PoC) exploit code for CVE-2025-68613, a critical remote code execution flaw affecting n8n workflow automation platform. The vulnerability carries a maximum CVSS score of 10.0 and impacts versions from v0.211.0 through v1.120.3. n8n is widely deployed in enterprise environments where it automates critical workflows and integrates with […]

The post PoC Exploit Released for Critical n8n RCE Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
FCC Bans Foreign-Made Drones and Key Parts Over U.S. National Security Risks

·

The U.S. Federal Communications Commission (FCC) on Monday announced a ban on all drones and critical components made in a foreign country, citing national security concerns. To that end, the agency has added to its Covered List Uncrewed aircraft systems (UAS) and UAS critical components produced in a foreign country, and all communications and video surveillance equipment and services pursuant

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
University of Phoenix Data Breach Impacts Over 3.5 Million Individuals

·

cyber security, Cyber Security News, Data Breach

University of Phoenix, Inc. disclosed a significant data breach affecting approximately 3.5 million individuals following an external system compromise discovered in November 2025. The unauthorized access occurred on August 13, 2025, but remained undetected until November 21, 2025, creating a three-month window of exposure. Breach Overview The incident resulted from an external hacking attack targeting […]

The post University of Phoenix Data Breach Impacts Over 3.5 Million Individuals appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶