Cybersecurity researchers have disclosed details of two now-patched security flaws in the n8n workflow automation platform, including two critical bugs that could result in arbitrary command execution. The vulnerabilities are… Read More »Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials
Meta on Wednesday said it disabled over 150,000 accounts associated with scam centers in Southeast Asia as part of a coordinated effort in partnership with authorities from Thailand, the U.S.,… Read More »Meta Disables 150K Accounts Linked to Southeast Asia Scam Centers in Global Crackdown
“You knew, and you could have acted. Why didn’t you?” This is the question you do not want to be asked. And increasingly, it’s the question leaders are forced to… Read More »What Boards Must Demand in the Age of AI-Automated Exploitation
SAP has released security updates to address two critical security flaws that could be exploited to achieve arbitrary code execution on affected systems. The vulnerabilities in question listed below –… Read More »Dozens of Vendors Patch Security Flaws Across Enterprise Software and Network Devices
Microsoft on Tuesday released patches for a set of 84 new security vulnerabilities affecting various software components, including two that have been listed as publicly known. Of these, eight are… Read More »Microsoft Patches 84 Flaws in March Patch Tuesday, Including Two Public Zero-Days
A threat actor known as UNC6426 leveraged keys stolen following the supply chain compromise of the nx npm package last year to completely breach a victim’s cloud environment within a… Read More »UNC6426 Exploits nx npm Supply-Chain Attack to Gain AWS Admin Access in 72 Hours
Cybersecurity researchers have discovered five malicious Rust crates that masquerade as time-related utilities to transmit .env file data to the threat actors. The Rust packages, published to crates.io, are listed… Read More »Five Malicious Rust Crates and AI Bot Exploit CI/CD Pipelines to Steal Developer Secrets
Cybersecurity researchers are calling attention to a new campaign where threat actors are abusing FortiGate Next-Generation Firewall (NGFW) appliances as entry points to breach victim networks. The activity involves the… Read More »FortiGate Devices Exploited to Breach Networks and Steal Service Account Credentials
Cybersecurity researchers have discovered a new malware called KadNap that’s primarily targeting Asus routers to enlist them into a botnet for proxying malicious traffic. The malware, first detected in the… Read More »KadNap Malware Infects 14,000+ Edge Devices to Power Stealth Proxy Botnet
Cybersecurity researchers have disclosed nine cross-tenant vulnerabilities in Google Looker Studio that could have permitted attackers to run arbitrary SQL queries on victims’ databases and exfiltrate sensitive data within organizations’… Read More »New “LeakyLooker” Flaws in Google Looker Studio Could Enable Cross-Tenant SQL Queries