All News


Critical n8n Workflow Vulnerability CVE-2026-25049 Enables Remote System Command Execution
A critical security vulnerability tracked as CVE-2026-25049 has been disclosed in the n8n workflow automation platform, allowing authenticated users to execute arbitrary system commands on the host running the service. The flaw carries a CVSS score of 9.4 and represents a bypass of an earlier fix for CVE-2025-68613, a similarly severe issue patched in late 2025. The vulnerability exists in n8n’s expression evaluation engine, which is used to dynamically process workflow par
Feb 5 · 2 min read


Mustang Panda Deploys Updated COOLCLIENT Backdoor in Government Espionage Campaigns
A China-linked threat actor tracked as Mustang Panda has been observed deploying an updated version of the COOLCLIENT backdoor in cyber espionage operations targeting government organizations throughout 2025. The activity primarily affected public sector entities in Myanmar, Mongolia, Malaysia, and Russia and demonstrates a continued evolution toward deeper endpoint surveillance and data exfiltration. The updated COOLCLIENT malware is typically delivered as a secondary payloa
Feb 2 · 2 min read


Researchers Identify 175,000 Publicly Exposed Ollama AI Servers Worldwide
Security researchers have uncovered a large-scale exposure of publicly accessible Ollama AI servers, revealing a previously underestimated layer of unmanaged artificial intelligence infrastructure on the internet. The joint investigation identified more than 175,000 unique Ollama hosts exposed across 130 countries, operating outside traditional cloud security controls and enterprise monitoring frameworks. Ollama is an open-source platform designed to allow users to run large
Feb 2 · 2 min read


State-Linked Attackers Hijack Notepad++ Update Infrastructure to Deliver Malware
The maintainer of Notepad++ has confirmed that state-sponsored threat actors hijacked the project’s official update delivery path to distribute malware to a limited set of users. The incident did not stem from a vulnerability in the Notepad++ codebase itself, but from a compromise at the infrastructure level that allowed attackers to intercept and redirect update traffic. According to the project’s developer, the attackers gained control at the hosting provider level, enablin
Feb 2 · 2 min read


CISA Adds Actively Exploited VMware vCenter Vulnerability CVE-2024-37079 to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency has added a critical vulnerability in VMware vCenter Server, tracked as CVE-2024-37079, to its Known Exploited Vulnerabilities catalog after confirming evidence of in-the-wild exploitation. This marks an escalation in risk for organizations that have not applied the patch released for this flaw. CVE-2024-37079 is a heap overflow weakness in the implementation of the DCE/RPC protocol within VMware vCenter Server. Heap
Jan 26 · 2 min read


CISA Updates KEV Catalog With Four Actively Exploited Flaws Including CVE-2025-7251 and CVE-2025-7194
CISA has updated its Known Exploited Vulnerabilities catalog to include four security flaws that have been confirmed as actively exploited. The newly added CVEs affect enterprise collaboration software, SD-WAN orchestration platforms, frontend build tooling, and a widely used development configuration package, highlighting the diversity of attack surfaces currently being targeted. One of the newly added entries is CVE-2025-68645, a PHP remote file inclusion vulnerability affe
Jan 23 · 2 min read


Fortinet Confirms Active Exploitation of FortiCloud SSO Vulnerability (CVE-2025-59718 and CVE-2025-59719)
Fortinet has acknowledged that a recently disclosed vulnerability (CVE-2025-59718 and CVE-2025-59719) in its FortiCloud single sign-on service is being actively exploited in the wild. The flaw impacts how authentication tokens are processed, allowing threat actors to bypass normal access controls under certain conditions and gain unauthorized entry into customer environments that rely on FortiCloud for centralized identity management. The core of the issue stems from inadequa
Jan 23 · 2 min read


China-Linked APT Group Exploits Zero-Day in Sitecore CMS (CVE-2025-53690)
A China-linked advanced persistent threat group has been observed actively exploiting a previously unknown remote code execution flaw (CVE-2025-53690) in the Sitecore content management platform. The vulnerability affects the Sitecore Experience Platform and Experience Manager and can be triggered without authentication, allowing attackers to execute arbitrary .NET code on vulnerable servers. The root cause of the flaw lies in insufficient input validation in a deserializatio
Jan 17 · 2 min read


Fortinet Patches Critical FortiSIEM Command Injection Vulnerability (CVE-2025-64155)
Fortinet has released security updates to fix a critical vulnerability (CVE-2025-64155) in FortiSIEM that could allow an unauthenticated remote attacker to execute arbitrary commands on affected systems. The flaw exists in a core FortiSIEM service responsible for internal communication and system monitoring functions. The vulnerability is caused by improper handling of user-supplied input passed to operating system command execution routines. A network-accessible service list
Jan 15 · 1 min read


Palo Alto Networks Fixes Denial of Service Flaw in GlobalProtect (CVE-2026-0227)
Palo Alto Networks has released a security update to address a denial of service vulnerability (CVE-2026-0227) in its GlobalProtect product, the company’s widely used remote access solution. The flaw could be triggered under certain conditions to disrupt connectivity and network security services for affected users. The vulnerability was identified in how GlobalProtect processes specific types of network traffic. When a specially crafted request is sent to a vulnerable system
Jan 15 · 2 min read


Critical Vulnerability Discovered in Popular WordPress Plugin (CVE-2026-23550)
A significant security flaw (CVE-2026-23550) has been uncovered in a widely used WordPress plugin, creating the potential for unauthorized access and compromise on sites that have not yet applied the necessary updates. The issue affects a modular content-building plugin that many site owners rely on to manage layouts and features without writing code. The vulnerability stems from insufficient checks on user input, meaning that under certain conditions an attacker could take a
Jan 15 · 2 min read


CISA Reports Active Exploitation of Gogs Vulnerability (CVE-2025-8110)
The U.S. Cybersecurity and Infrastructure Security Agency has warned that a serious flaw in Gogs (CVE-2025-8110), a self-hosted Git service used by many developers for version control and collaboration, is being actively exploited by attackers. This advisory comes as evidence mounts that the weakness is being used in real-world attacks to compromise systems that have not yet been secured. The vulnerability allows unauthorized actors to perform actions that should normally be
Jan 13 · 2 min read


Cisco Releases Patches for Multiple Security Flaws in ISE Platform (CVE-2026-20029)
Cisco has rolled out a set of security updates for its Identity Services Engine platform, addressing several vulnerabilities (CVE-2026-20029) that could pose serious risks if left unpatched. The Identity Services Engine is widely used by organizations to enforce secure access policies and manage authentication across networks, making these fixes an important priority for administrators. The vulnerabilities affect the way the platform processes certain types of data and reques
Jan 9 · 2 min read


Trend Micro Warns of Severe Remote Code Execution Flaw in Apex Central (CVE-2025-69258)
Trend Micro has disclosed a critical security vulnerability (CVE-2025-69258) in its Apex Central management platform that could allow a remote attacker to execute arbitrary code on affected systems. The flaw poses a serious risk for organizations that use Apex Central to monitor and manage security products across their networks. The issue arises from the way Apex Central handles certain data inputs. Under specific conditions, an attacker could send a crafted request to a vul
Jan 9 · 2 min read


Critical Vulnerability in AdonisJS BodyParser Puts Web Apps at Risk (CVE-2026-21440)
A serious security flaw (CVE-2026-21440) has been identified in the BodyParser component of AdonisJS, a popular web framework used by developers to build server-side applications in JavaScript. This vulnerability can allow attackers to execute arbitrary code and take control of applications that use the affected versions of the library. The issue affects how BodyParser processes certain types of request data. When a specially crafted request is sent to an application using a
Jan 8 · 2 min read


n8n Issues Urgent Warning After Critical Remote Code Execution Flaw Discovered (CVE-2026-21877)
The makers of n8n, a popular workflow automation platform, have warned users about a critical security vulnerability (CVE-2026-21877) that could allow attackers to execute arbitrary code on affected systems. The flaw has been assigned the highest possible severity rating, reflecting the level of risk it poses if left unaddressed. The vulnerability stems from how n8n handles certain types of input data. Under specific conditions, a remote attacker can craft malicious requests
Jan 8 · 2 min read


MongoBleed Memory Leak Bug Exposes Thousands of MongoDB Servers (CVE-2025-14847)
A newly disclosed security flaw in MongoDB (CVE-2025-14847) has drawn serious attention from the security community after researchers confirmed that it can expose sensitive data directly from server memory. The issue, commonly referred to as MongoBleed, allows unauthenticated attackers to retrieve portions of memory from affected MongoDB servers under certain conditions. The vulnerability is caused by improper handling of compressed network messages. When a specially crafted
Jan 3 · 2 min read


IBM Warns of Critical Authentication Flaw in API Connect (CVE-2025-13915)
IBM has disclosed a serious security vulnerability (CVE-2025-13915) affecting its API Connect platform, warning that the flaw could allow unauthorized access to systems that rely on the product to manage and protect application programming interfaces. The vulnerability impacts multiple versions of API Connect and is related to how authentication is enforced when handling certain requests. Under specific conditions, an attacker could bypass login controls and interact with prote
Jan 3 · 2 min read


Thousands of Fortinet Firewalls Still at Risk Due to Long-Known MFA Weakness (Fortinet SSL-VPN CVE-2020-12812)
A significant number of Fortinet firewall devices connected to the internet are still exposed to a known authentication weakness (Fortinet SSL-VPN CVE-2020-12812), years after a fix was made available. Recent security scans show that many organizations continue to run vulnerable configurations, leaving remote access infrastructure open to potential abuse. The issue affects FortiGate firewalls using FortiOS and relates to how multi-factor authentication is handled on SSL VPN p
Jan 3 · 2 min read