The 2024 incident was initially linked to China, but an infostealer infection has now revealed North Korean involvement. The post Polyfill Supply Chain Attack Impacting 100k Sites Linked to North Korea appeared first on SecurityWeek.
Cybersecurity researchers have discovered half-a-dozen new Android malware families that come with capabilities to steal data from compromised devices and conduct financial fraud. The Android malware range from traditional banking trojans like PixRevolution, TaxiSpy RAT, BeatBanker, Mirax, and Oblivion RAT to full-fledged remote administration tools such as SURXRAT. PixRevolution, accordingRead More »Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting n8n to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2025-68613 (CVSS score: 9.9), concerns a case of expression injection that leads to remote code execution.Read More »CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed
Poland’s National Centre for Nuclear Research defended against a cyberattack.
The leadership structure, commonly referred to as the “dual-hat” arrangement, assigns a single individual to oversee both organizations. The post Senate Confirms Joshua Rudd to Lead NSA and US Cyber Command appeared first on SecurityWeek.
Agentic web browsers that leverage artificial intelligence (AI) capabilities to autonomously execute actions across multiple websites on behalf of a user could be trained and tricked into falling prey to phishing and scam traps. The attack, at its core, takes advantage of AI browsers’ tendency to reason their actions andRead More »Researchers Trick Perplexity’s Comet AI Browser Into Phishing Scam in Under Four Minutes
A hacktivist group with links to Iran’s intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker’s largest hub outside of the United States, said the company sent home more than 5,000 workers there today.Read More »Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
Stryker was targeted by the Handala group, which claims to have wiped more than 200,000 of the company’s devices. The post MedTech Giant Stryker Crippled by Iran-Linked Hacker Attack appeared first on SecurityWeek.
Stryker, a major U.S. medical technology organization, has been disrupted by a cyberattack.
Cybersecurity researchers have disclosed details of two now-patched security flaws in the n8n workflow automation platform, including two critical bugs that could result in arbitrary command execution. The vulnerabilities are listed below – CVE-2026-27577 (CVSS score: 9.4) – Expression sandbox escape leading to remote code execution (RCE) CVE-2026-27493 (CVSS score:Read More »Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials
