Tag: flaw
-
Max severity Ni8mare flaw lets hackers hijack n8n servers
A maximum severity vulnerability dubbed “Ni8mare” allows remote, unauthenticated attackers to take control over locally deployed instances of the N8N workflow automation platform. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/max-severity-ni8mare-flaw-lets-hackers-hijack-n8n-servers/
-
Critical macOS Flaw Lets Attackers Bypass Apple Privacy Controls Without Consent
A newly disclosed macOS vulnerability bypasses Apple’s TCC privacy controls, allowing silent access to files, microphone data, and user activity. The post Critical macOS Flaw Lets Attackers Bypass Apple Privacy Controls Without Consent appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-macos-flaw-apple-privacy-controls/
-
Veeam issues patch to close critical remote code execution flaw
The vulnerability could let operator-level users run commands as database administrator. First seen on cyberscoop.com Jump to article: cyberscoop.com/veeam-backup-replication-security-flaw-remote-code-execution-fix/
-
Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control
Cybersecurity researchers have disclosed details of yet another maximum-severity security flaw in n8n, a popular workflow automation platform, that allows an unauthenticated remote attacker to gain complete control over susceptible instances.The vulnerability, tracked as CVE-2026-21858 (CVSS score: 10.0), has been codenamed Ni8mare by Cyera Research Labs. Security researcher Dor Attias has been First seen on…
-
New Veeam vulnerabilities expose backup servers to RCE attacks
Veeam released security updates to patch multiple security flaws in its Backup & Replication software, including a critical remote code execution (RCE) vulnerability. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-veeam-vulnerabilities-expose-backup-servers-to-rce-attacks/
-
Veeam resolves CVSS 9.0 RCE flaw and other security issues
Veeam patched a critical RCE flaw in Backup & Replication, CVE-2025-59470, rated CVSS 9.0, along with other vulnerabilities. Veeam released patches for multiple Backup & Replication flaws, including a critical RCE vulnerability tracked as CVE-2025-59470 (CVSS score of 9.0). A Backup or Tape Operator can achieve remote code execution as the postgres user by abusing…
-
Veeam resolves CVSS 9.0 RCE flaw and other security issues
Veeam patched a critical RCE flaw in Backup & Replication, CVE-2025-59470, rated CVSS 9.0, along with other vulnerabilities. Veeam released patches for multiple Backup & Replication flaws, including a critical RCE vulnerability tracked as CVE-2025-59470 (CVSS score of 9.0). A Backup or Tape Operator can achieve remote code execution as the postgres user by abusing…
-
Veeam resolves CVSS 9.0 RCE flaw and other security issues
Veeam patched a critical RCE flaw in Backup & Replication, CVE-2025-59470, rated CVSS 9.0, along with other vulnerabilities. Veeam released patches for multiple Backup & Replication flaws, including a critical RCE vulnerability tracked as CVE-2025-59470 (CVSS score of 9.0). A Backup or Tape Operator can achieve remote code execution as the postgres user by abusing…
-
Veeam Patches Critical RCE Vulnerability with CVSS 9.0 in Backup & Replication
Veeam has released security updates to address multiple flaws in its Backup & Replication software, including a “critical” issue that could result in remote code execution (RCE).The vulnerability, tracked as CVE-2025-59470, carries a CVSS score of 9.0.”This vulnerability allows a Backup or Tape Operator to perform remote code execution (RCE) as the postgres user by…
-
n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions
Tags: automation, cloud, cve, cvss, exploit, flaw, open-source, rce, remote-code-execution, vulnerabilityOpen-source workflow automation platform n8n has warned of a maximum-severity security flaw that, if successfully exploited, could result in authenticated remote code execution (RCE).The vulnerability, which has been assigned the CVE identifier CVE-2026-21877, is rated 10.0 on the CVSS scoring system.”Under certain conditions, an authenticated user may be able to cause untrusted code to be…
-
Hackers actively exploit critical RCE flaw in legacy D-Link DSL routers
Attackers are exploiting a critical flaw (CVE-2026-0625) in old D-Link DSL routers that allows remote command execution. Threat actors are actively exploiting a critical RCE flaw, tracked as CVE-2026-0625 (CVSS score of 9.3), in legacy D-Link DSL routers. The vulnerability is an improper neutralization of special elements used in an OS Command (‘OS Command Injection’),…
-
Unpatched TOTOLINK EX200 Flaw Enables Root-Level Telnet Access, CERT/CC Warns
A serious and unpatched security flaw has been disclosed in the TOTOLINK EX200 wireless range extender. The vulnerability, tracked as CVE-2025-65606, allows a remote authenticated attacker to gain full system control by abusing a flaw in the device’s firmware-upload mechanism. The issue was publicly disclosed by the CERT Coordination Center (CERT/CC) on January 6, 2026, and currently has no…
-
Veeam Backup Vulnerability Exposes Systems to Root-Level Remote Code Execution
Veeam has released a critical security update for itsBackup & Replicationsoftware to address multiple high-severity vulnerabilities. The most concerning of these flaws could allow attackers to execute remote code with root-level privileges, potentially granting them full control over affected systems. These vulnerabilities specifically affectVeeam Backup & Replication version 13.0.1.180and all earlier version 13 builds. Veeam…
-
Google Warns of High-Risk WebView Vulnerability That Breaks Security Controls
Google released Chrome versions 143.0.7499.192/.193 on January 6, 2026, to patch a high-severity vulnerability in WebView that could allow attackers to bypass important security policies. The flaw, tracked as CVE-2026-0628, represents a significant threat to users whose browsers rely on WebView’s policy enforcement framework to block malicious content. Attribute Details CVE ID CVE-2026-0628 Severity High…
-
Ongoing Attacks Exploiting Critical RCE Vulnerability in Legacy D-Link DSL Routers
A newly discovered critical security flaw in legacy D-Link DSL gateway routers has come under active exploitation in the wild.The vulnerability, tracked as CVE-2026-0625 (CVSS score: 9.3), concerns a case of command injection in the “dnscfg.cgi” endpoint that arises as a result of improper sanitization of user-supplied DNS configuration parameters.”An unauthenticated remote attacker can inject…
-
HackerOne ‘ghosted’ me for months over $8,500 bug bounty, says researcher
Long after CVEs issued and open source flaws fixed First seen on theregister.com Jump to article: www.theregister.com/2026/01/07/hackerone_ghosted_researcher/
-
CERT/CC warns of critical, unfixed vulnerability in TOTOLINK EX200
CERT/CC disclosed an unpatched flaw in the TOTOLINK EX200 that allows a remote authenticated attacker to fully compromise the device. CERT/CC warns of an unpatched vulnerability, tracked as CVE-2025-65606, in the TOTOLINK EX200 range extender that lets a remote authenticated attacker fully take over the device. The TOTOLINK EX200 is a compact Wi-Fi range extender…
-
RondoDox Botnet Operators Set React2Shell Flaw in Their Sights
The operators behind the highly adaptable RondoDox botnet campaign that kicked off in late March have proven to be ready to embrace the latest attack trends. Most recently, in December they began targeting Next.js servers that are vulnerable to the maximum-severity React2Shell flaw, which was disclosed December 3. First seen on securityboulevard.com Jump to article:…
-
New D-Link flaw in legacy DSL routers actively exploited in attacks
Threat actors are exploiting a recently discovered command injection vulnerability that affects multiple D-Link DSL gateway routers that went out of support years ago. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-d-link-flaw-in-legacy-dsl-routers-actively-exploited-in-attacks/
-
Google fixes critical Dolby Decoder bug in Android January update
Android’s January 2026 update fixes CVE-2025-54957, a critical Dolby audio decoder flaw discovered by Google researchers in October 2025. A critical Dolby audio decoder vulnerability, tracked as CVE-2025-54957, was addressed in the January 2026 Android security update. Google fixed the flaw in December 2025 for Pixel phones and has now rolled out the fix to…
-
Unpatched Firmware Flaw Exposes TOTOLINK EX200 to Full Remote Device Takeover
The CERT Coordination Center (CERT/CC) has disclosed details of an unpatched security flaw impacting TOTOLINK EX200 wireless range extender that could allow a remote authenticated attacker to gain full control of the device.The flaw, CVE-2025-65606 (CVSS score: N/A), has been characterized as a flaw in the firmware-upload error-handling logic, which could cause the device to…
-
High-Severity Flaw in Open WebUI Affects AI Connections
A high-severity security flaw in Open WebUI Direct Connections risks account takeover and server compromises First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/flaw-open-webui-affects-ai/
-
macOS Flaw Enables Silent Bypass of Apple Privacy Controls
A macOS vulnerability (CVE-2025-43530) allows attackers to silently bypass TCC privacy controls and access sensitive user data. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/macos-flaw-enables-silent-bypass-of-apple-privacy-controls/
-
New n8n Vulnerability Allows Attackers to Execute Arbitrary Commands
A critical vulnerability has been discovered in n8n, an open-source automation and workflow platform, that could allow authenticated users to execute arbitrary commands on vulnerable systems. The flaw, tracked as CVE-2025-68668, affects all n8n versions from 1.0.0 to 1.999.999 and has a CVSS score of 9.1, indicating severe risk. Attribute Details CVE ID CVE-2025-68668 Vulnerability…
-
Open WebUI bug turns the ‘free model’ into an enterprise backdoor
Tags: access, api, authentication, backdoor, data, exploit, flaw, malicious, mitigation, network, nvd, remote-code-execution, risk, tool, updateEscalating to Remote Code Execution: The risk doesn’t stop at account takeover. If the compromised account has workspace.tools permissions, attackers can leverage that session token to push authenticated Python code through Open WebUI’s Tools API, which executes without sandboxing or validation.This turns a browser-level compromise into full remote code execution on the backend server. Once…
-
Are Copilot prompt injection flaws vulnerabilities or AI limits?
Microsoft has pushed back against claims that multiple prompt injection and sandbox-related issues raised by a security engineer in its Copilot AI assistant constitute security vulnerabilities. The development highlights a growing divide between how vendors and researchers define risk in generative AI systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/are-copilot-prompt-injection-flaws-vulnerabilities-or-ai-limits/
-
AI, Quantum, and the New Threat Frontier: What Will Define Cybersecurity in 2026?
Tags: access, ai, api, application-security, attack, authentication, automation, business, ciso, cloud, compliance, computer, computing, container, control, crypto, cryptography, cyber, cybersecurity, data, data-breach, defense, detection, encryption, exploit, finance, flaw, framework, governance, government, healthcare, iam, identity, infrastructure, injection, LLM, malicious, metric, monitoring, network, nist, open-source, oracle, regulation, resilience, risk, service, skills, software, strategy, supply-chain, threat, tool, vulnerability, vulnerability-management, waf, zero-day, zero-trustAI, Quantum, and the New Threat Frontier: What Will Define Cybersecurity in 2026? madhav Tue, 01/06/2026 – 04:44 If we think 2025 has been fast-paced, it’s going to feel like a warm-up for the changes on the horizon in 2026. Every time this year, Thales experts become cybersecurity oracles and predict where the industry is…