-
Cybersecurity researchers have disclosed details of yet another maximum-severity security flaw in n8n, a popular workflow automation platform, that allows an unauthenticated remote attacker to gain complete control over susceptible instances. The vulnerability, tracked as CVE-2026-21858 (CVSS score: 10.0), has been codenamed Ni8mare by Cyera Research Labs. Security researcher Dor Attias has been
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
This week in cybersecurity from the editors at Cybercrime Magazine
Sausalito, Calif. – Jan. 7, 2026–Read the full story in 24/7 Wall St.
24/7 Wall St. reports that the First Trust NASDAQ Cybersecurity ETF (NASDAQ:CIBR) gained ~13 percent in 2025, trailing the Nasdaq-100 by nearly 7 percentage points. This underperformance comes as AI-enabled threats are expected to drive unprecedented demand for cybersecurity solutions in 2026, making for a unique opportunity right now.
Cybersecurity Ventures projects global spending on security products and services will exceed $520 billion in 2026, up from $260 billion in 2021. Much of this acceleration stems from what Harvard Business Review describes as a “surge in AI agent attacks” where adversaries exploit the identity crisis created by deepfakes and synthetic identities that can command automated systems in real time.
Watch quarterly earnings calls from CIBR’s largest holdings. Palo Alto Networks, CrowdStrike (NASDAQ:CRWD), and Cloudflare (NYSE:NET) collectively represent nearly 20 percent of the portfolio, and their commentary on AI security spending provides the clearest signal of whether enterprise budgets are shifting toward agentic defense. Revenue growth acceleration above 25 percent in these names would validate the thesis that 2026 marks an inflection point.
CIBR’s $11.1 billion in assets makes it five times larger than competitor HACK, providing superior liquidity. The fund’s 36 holdings offer broader diversification than pure-play alternatives, including exposure to defense contractors like Leidos (NYSE:LDOS) and Booz Allen Hamilton (NYSE:BAH) that capture government cybersecurity budgets. Federal spending on cyber defense exceeds $25 billion annually and is growing as nation-state threats intensify.
Cybercrime Magazine is Page ONE for Cybersecurity. Go to any of our sections to read the latest:
- SCAM. The latest schemes, frauds, and social engineering attacks being launched on consumers globally.
- NEWS. Breaking coverage on cyberattacks and data breaches, and the most recent privacy and security stories.
- HACK. Another organization gets hacked every day. We tell you who, what, where, when, and why.
- VC. Cybersecurity venture capital deal flow with the latest investment activity from various sources around the world.
- M&A. Cybersecurity mergers and acquisitions including big tech, pure cyber, product vendors and professional services.
- BLOG. What’s happening at Cybercrime Magazine. Plus the stories that don’t make headlines (but maybe they should).
- PRESS. Cybersecurity industry news and press releases in real time from the editors at Business Wire.
- PODCAST. New episodes daily on the Cybercrime Magazine Podcast feature victims, law enforcement, vendors, and cybersecurity experts.
- RADIO. Tune into WCYB Digital Radio at Cybercrime.Radio, the first and only round-the-clock internet radio station devoted to cybersecurity.
Contact us to send story tips, feedback and suggestions, and for sponsorship opportunities and custom media productions.
The post The NASDAQ Cybersecurity ETF Looks Like One of 2026’s Best Investments appeared first on Cybercrime Magazine.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security vulnerability has been discovered in n8n, the popular workflow automation tool, potentially allowing authenticated attackers to execute arbitrary code on the host server. Identified as CVE-2026-21877, this high-severity vulnerability affects both self-hosted and n8n Cloud instances, posing a significant risk to organizations relying on the platform for business process automation. The vulnerability has […]
The post Critical n8n Vulnerability Allows Authenticated Remote Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A custom Windows packer dubbed pkr_mtsi is fueling large-scale malvertising and SEO‑poisoning campaigns that deliver a broad range of information‑stealing and remote‑access malware, according to new research. First observed in the wild on April 24, 2025, the packer remains active and has continuously evolved over the past eight months, while retaining a stable behavioral core that makes it […]
The post Windows Packer pkr_mtsi Powers Widespread Malvertising Campaigns with Multiple Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A sophisticated new ransomware variant, CrazyHunter, has emerged as a critical threat to the healthcare sector, employing advanced anti-malware evasion techniques and rapid network propagation that have security researchers deeply concerned. Trellix, which has been actively tracking this threat since its initial appearance, reports that the ransomware represents a significant evolution in cybercriminal tactics targeting […]
The post CrazyHunter Ransomware Targets Healthcare Sector Using Sophisticated Evasion Tactics appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Texas based Gulshan Management Services, operator of Handi Plus and Handi Stop gas stations, reports a data breach impacting over 377,000 people.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Security teams are still catching malware. The problem is what they’re not catching. More attacks today don’t arrive as files. They don’t drop binaries. They don’t trigger classic alerts. Instead, they run quietly through tools that already exist inside the environment — scripts, remote access, browsers, and developer workflows. That shift is creating a blind spot. Join us for a deep-dive
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Chinese threat actors are conducting an aggressive campaign that distributes NFC-enabled Android malware capable of intercepting and remotely relaying payment card data via Telegram. Identified as “Ghost Tap” and linked to threat groups including TX-NFC and NFU Pay, the malicious applications employ social engineering tactics to deceive users into installing APKs and unknowingly facilitating fraudulent […]
The post Chinese Hackers Use NFC-Enabled Android Malware to Steal Payment Information appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
Open-source workflow automation platform n8n has warned of a maximum-severity security flaw that, if successfully exploited, could result in authenticated remote code execution (RCE). The vulnerability, which has been assigned the CVE identifier CVE-2026-21877, is rated 10.0 on the CVSS scoring system. “Under certain conditions, an authenticated user may be able to cause untrusted code to be
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
-
A critical security flaw has been discovered in the TOTOLINK EX200 Wi-Fi extender that allows attackers to gain complete control over the device. The vulnerability involves a logic error in how the device handles failed firmware updates, inadvertently opening a backdoor with the highest possible privileges. Because the TOTOLINK EX200 is officially End-of-Life (EoL), the vendor has […]
The post TOTOLINK EX200 Extender Flaw Allows Attackers Full System Access appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
¶¶¶¶¶
