1010.cx – Page 81 – cybersecurity / defense / intelligence

New n8n Vulnerability Allows Attackers to Execute Arbitrary Commands

·

CVE/vulnerability, cyber security, Cyber Security News, vulnerability

A critical vulnerability has been discovered in n8n, an open-source automation and workflow platform, that could allow authenticated users to execute arbitrary commands on vulnerable systems. The flaw, tracked as CVE-2025-68668, affects all n8n versions from 1.0.0 to 1.999.999 and has a CVSS score of 9.1, indicating severe risk. Attribute Details CVE ID CVE-2025-68668 Vulnerability […]

The post New n8n Vulnerability Allows Attackers to Execute Arbitrary Commands appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
What is Identity Dark Matter?

·

The Invisible Half of the Identity Universe Identity used to live in one place – an LDAP directory, an HR system, a single IAM portal. Not anymore. Today, identity is fragmented across SaaS, on-prem, IaaS, PaaS, home-grown, and shadow applications. Each of these environments carries its own accounts, permissions, and authentication flows. Traditional IAM and IGA tools govern only the nearly

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
VS Code Forks Recommend Missing Extensions, Creating Supply Chain Risk in Open VSX

·

Popular artificial intelligence (AI)-powered Microsoft Visual Studio Code (VS Code) forks such as Cursor, Windsurf, Google Antigravity, and Trae have been found to recommend extensions that are non-existent in the Open VSX registry, potentially opening the door to supply chain risks when bad actors publish malicious packages under those names. The problem, according to Koi, is that these

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Critical AdonisJS Vulnerability Allows Remote Attackers to Write Files on Server

·

cyber security, Cyber Security News, vulnerability

A critical path traversal vulnerability has been discovered in AdonisJS’s multipart file handling, potentially allowing remote attackers to write arbitrary files to server locations outside the intended upload directory. The vulnerability, tracked as CVE-2026-21440, affects @adonisjs/bodyparser versions through 10.1.1 and all 11.x prerelease versions prior to 11.0.0-next.6, with patches now available in versions 10.1.2 and […]

The post Critical AdonisJS Vulnerability Allows Remote Attackers to Write Files on Server appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
New VVS Stealer Malware Targets Discord Users via Fake System Errors

·

cybersecurity, Discord, Infostealer, Malware, Palo Alto Networks, Security, VVS Stealer

Palo Alto Networks’ new report reveals VVS Stealer uses Discord Injection and fake error messages to steal tokens and MFA codes. Protect your account from this new Python-based threat.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Threat Actors Exploit Commodity Loader in Targeted Email Campaigns Against Organizations

·

cyber security, Cyber Security News

Cyble Research and Intelligence Labs (CRIL) has identified a sophisticated, multi-stage attack campaign deploying a shared commodity loader across multiple threat actor groups. The operation demonstrates advanced operational security and represents a significant threat to manufacturing and government organizations in Italy, Finland, and Saudi Arabia. The campaign combines precision targeting with cutting-edge evasion techniques, utilizing […]

The post Threat Actors Exploit Commodity Loader in Targeted Email Campaigns Against Organizations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Connex IT Partners with AccuKnox for Zero Trust CNAPP Security in Southeast Asia

·

Press Release

Menlo Park, India, January 6th, 2026, CyberNewsWire AccuKnox, a global leader in Zero Trust Cloud-Native Application Protection Platforms (CNAPP), has appointed Connex Information Technologies as its authorised distribution partner across South and Southeast Asia. The partnership aligns AccuKnox with Connex, a global value-added distributor that has steadily expanded its regional footprint since its founding in […]

The post Connex IT Partners with AccuKnox for Zero Trust CNAPP Security in Southeast Asia appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
macOS Flaw Allows TCC Bypass, Exposing Sensitive User Information

·

Apple, CVE/vulnerability, cyber security, Cyber Security News, macOS

Apple’s accessibility framework has been found vulnerable to a critical Transparency, Consent, and Control (TCC) bypass that exposes sensitive user data and enables arbitrary AppleScript execution. Researchers have disclosed CVE-2025-43530, a vulnerability in the ScreenReader.The framework’s MIG service permits attackers to execute unauthorized AppleScript commands and send AppleEvents to protected processes without user consent. The […]

The post macOS Flaw Allows TCC Bypass, Exposing Sensitive User Information appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
Cursor, Windsurf & Google Antigravity IDEs Linked to Malicious Extension Exposure

·

cyber security, Cyber Security News, Google

A critical supply chain vulnerability has been discovered affecting millions of developers using popular AI-powered IDEs, including Cursor, Windsurf, and Google Antigravity. Security researchers revealed that these coding environments were actively recommending non-existent extensions, allowing potential attackers to upload malware that users would unthinkingly install. The issue stems from how these tools were built. Cursor, […]

The post Cursor, Windsurf & Google Antigravity IDEs Linked to Malicious Extension Exposure appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶
New ClickFix Attack Uses Fake BSOD to Trick Users into Running Malicious Code

·

cyber security, Cyber Security News

Securonix threat researchers have uncovered a stealthy malware campaign, tracked as PHALT#BLYX, targeting the hospitality sector with a sophisticated “ClickFix” social engineering tactic. This ongoing campaign specifically targets European organizations during the busy holiday season, utilizing fake Booking.com reservation cancellations to deploy a Russian-linked DCRat payload. The infection chain begins with a targeted phishing email […]

The post New ClickFix Attack Uses Fake BSOD to Trick Users into Running Malicious Code appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶

¶¶¶¶¶