Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances
î ‚Dec 23, 2025î „Ravie LakshmananVulnerability / Workflow Automation A critical security vulnerability has been disclosed in the n8n workflow…
WatchGuard Warns of Active Exploitation of Critical Fireware OS VPN Vulnerability
î ‚Dec 19, 2025î „Ravie LakshmananVulnerability / Network Security WatchGuard has released fixes to address a critical security flaw in…
Featured Chrome Browser Extension Caught Intercepting Millions of Users’ AI Chats
A Google Chrome extension with a “Featured” badge and six million users has been observed silently gathering every…
Apple Issues Security Updates After Two WebKit Flaws Found Exploited in the Wild
î ‚Dec 13, 2025î „Ravie LakshmananZero-Day / Vulnerability Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS,…
Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability
î ‚Dec 05, 2025î „Ravie LakshmananVulnerability / Software Security Two hacking groups with ties to China have been observed weaponizing…
Ransomware’s Fragmentation Reaches a Breaking Point While LockBit Returns
Key Takeaways: 85 active ransomware and extortion groups observed in Q3 2025, reflecting the most decentralized ransomware ecosystem…
Microsoft Uncovers ‘Whisper Leak’ Attack That Identifies AI Chat Topics in Encrypted Traffic
Microsoft has disclosed details of a novel side-channel attack targeting remote language models that could enable a passive…
Samsung Mobile Flaw Exploited as Zero-Day to Deploy LANDFALL Android Spyware
î ‚Nov 07, 2025î „Ravie LakshmananMobile Security / Vulnerability A now-patched security flaw in Samsung Galaxy Android devices was exploited…
Chrome Zero-Day Exploited to Deliver Italian Memento Labs’ LeetAgent Spyware
The zero-day exploitation of a now-patched security flaw in Google Chrome led to the distribution of an espionage-related…
Newly Patched Critical Microsoft WSUS Flaw Comes Under Active Exploitation
Microsoft on Thursday released out-of-band security updates to patch a critical-severity Windows Server Update Service (WSUS) vulnerability with…
Five New Exploited Bugs Land in CISA’s Catalog — Oracle and Microsoft Among Targets
î ‚Oct 20, 2025î „Ravie LakshmananThreat Intelligence / Data Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday…
F5 Breach Exposes BIG-IP Source Code — Nation-State Hackers Behind Massive Intrusion
î ‚Oct 15, 2025î „Ravie LakshmananVulnerability / Threat Intelligence U.S. cybersecurity company F5 on Wednesday disclosed that unidentified threat actors…