New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands

A new critical security vulnerability has been disclosed in n8n, an open-source workflow automation platform, that could enable an authenticated attacker to execute arbitrary system commands on the underlying host. The vulnerability, tracked as CVE-2025-68668, is rated 9.9 on the CVSS scoring system. It has been described as a case

Critical AdonisJS Bodyparser Flaw (CVSS 9.2) Enables Arbitrary File Write on Servers

Users of the “@adonisjs/bodyparser” npm package are being advised to update to the latest version following the disclosure of a critical security vulnerability that, if successfully exploited, could allow a remote attacker to write arbitrary files on the server. Tracked as CVE-2026-21440 (CVSS score: 9.2), the flaw has been described

Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government

The Russia-aligned threat actor known as UAC-0184 has been observed targeting Ukrainian military and government entities by leveraging the Viber messaging platform to deliver malicious ZIP archives. “This organization has continued to conduct high-intensity intelligence gathering activities against Ukrainian military and government departments in 2025,” the 360 Threat Intelligence Center

Brightspeed Investigating Cyberattack

The hacking group Crimson Collective has claimed the theft of personal information pertaining to over 1 million Brightspeed customers. The post Brightspeed Investigating Cyberattack appeared first on SecurityWeek.

Sedgwick Confirms Cyberattack on Government Subsidiary

Hackers have compromised a file transfer system at Sedgwick’s subsidiary that serves government agencies. The post Sedgwick Confirms Cyberattack on Government Subsidiary appeared first on SecurityWeek.

Kimwolf Android Botnet Infects Over 2 Million Devices via Exposed ADB and Proxy Networks

The botnet known as Kimwolf has infected more than 2 million Android devices by tunneling through residential proxy networks, according to findings from Synthient. “Key actors involved in the Kimwolf botnet are observed monetizing the botnet through app installs, selling residential proxy bandwidth, and selling its DDoS functionality,” the company

CISA KEV Catalog Expanded 20% in 2025, Topping 1,480 Entries

With 24 new vulnerabilities known to be exploited by ransomware groups, the list now includes 1,484 software and hardware flaws. The post CISA KEV Catalog Expanded 20% in 2025, Topping 1,480 Entries appeared first on SecurityWeek.

Copyright © 2026 infosecintel.net