Tracked as CVE-2026-21858 (CVSS score 10), the bug enables remote code execution without authentication.
The post Critical Vulnerability Exposes n8n Instances to Takeover Attacks appeared first on SecurityWeek.
ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories
The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere.
This week’s stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in.
Read on to catch up before the next wave hits.
This week’s stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in.
Read on to catch up before the next wave hits.
Honeypot Traps Hackers
Hackers Fall for
Microsoft Exchange Online outage blocks access to mailboxes via IMAP4
Microsoft is working to fix an Exchange Online service outage that intermittently prevents users from accessing their mailboxes via the Internet Mailbox Access Protocol 4 (IMAP4). […]
Researchers Expose WHILL Wheelchair Safety Risks via Remote Hacking
CISA advisory warns that unauthenticated Bluetooth access in WHILL devices allows for unauthorized movement.
The post Researchers Expose WHILL Wheelchair Safety Risks via Remote Hacking appeared first on SecurityWeek.
Microsoft to enforce MFA for Microsoft 365 admin center sign-ins
Microsoft will start enforcing multi-factor authentication (MFA) for all users accessing the Microsoft 365 admin center starting next month. […]
The State of Trusted Open Source
Chainguard, the trusted source for open source, has a unique view into how modern organizations actually consume open source software and where they run into risk and operational burdens. Across a growing customer base and an extensive catalog of over 1800 container image projects, 148,000 versions, 290,000 images, and 100,000 language libraries, and almost half a billion builds, they can see
Critical HPE OneView Vulnerability Exploited in Attacks
The maximum-severity code injection flaw can be exploited without authentication for remote code execution.
The post Critical HPE OneView Vulnerability Exploited in Attacks appeared first on SecurityWeek.
Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release
Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) with a public proof-of-concept (PoC) exploit.
The vulnerability, tracked as CVE-2026-20029 (CVSS score: 4.9), resides in the licensing feature and could allow an authenticated, remote attacker with administrative privileges to gain access to
The vulnerability, tracked as CVE-2026-20029 (CVSS score: 4.9), resides in the licensing feature and could allow an authenticated, remote attacker with administrative privileges to gain access to
Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages
Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT.
The names of the packages, all of which were taken down as of November 2025, are listed below. They were uploaded by a user named “wenmoonx.”
The names of the packages, all of which were taken down as of November 2025, are listed below. They were uploaded by a user named “wenmoonx.”
bitcoin-main-lib (2,300 Downloads)
bitcoin-lib-js (193 Downloads)
bip40 (970 Downloads)
“The
Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances
Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution.
The list of vulnerabilities is as follows –
The list of vulnerabilities is as follows –
CVE-2025-66209 (CVSS score: 10.0) – A command injection vulnerability in the database backup functionality allows any authenticated