Microsoft has pushed back against claims that multiple prompt injection and sandbox-related issues raised by a security engineer in its Copilot AI assistant constitute security vulnerabilities. The development highlights a growing divide between how vendors and researchers define risk in generative AI systems. […]
Cybersecurity M&A Roundup: 30 Deals Announced in December 2025
Significant cybersecurity M&A deals announced by Akamai, Red Hat, Checkmarx, Silent Push, and ServiceNow.
The post Cybersecurity M&A Roundup: 30 Deals Announced in December 2025 appeared first on SecurityWeek.
New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands
A new critical security vulnerability has been disclosed in n8n, an open-source workflow automation platform, that could enable an authenticated attacker to execute arbitrary system commands on the underlying host.
The vulnerability, tracked as CVE-2025-68668, is rated 9.9 on the CVSS scoring system. It has been described as a case of a protection mechanism failure.
It affects n8n versions from
The vulnerability, tracked as CVE-2025-68668, is rated 9.9 on the CVSS scoring system. It has been described as a case of a protection mechanism failure.
It affects n8n versions from
Cloud file-sharing sites targeted for corporate data theft attacks
A threat actor known as Zestix has been offering to corporate data stolen from dozens of companies likely after breaching their ShareFile, Nextcloud, and OwnCloud instances. […]
ClickFix attack uses fake Windows BSOD screens to push malware
A new ClickFix social engineering campaign is targeting the hospitality sector in Europe, using fake Windows Blue Screen of Death (BSOD) screens to trick users into manually compiling and executing malware on their systems. […]
US broadband provider Brightspeed investigates breach claims
Brightspeed, one of the largest fiber broadband companies in the United States, is investigating security breach and data theft claims made by the Crimson Collective extortion gang. […]
Russia-Aligned Hackers Abuse Viber to Target Ukrainian Military and Government
The Russia-aligned threat actor known as UAC-0184 has been observed targeting Ukrainian military and government entities by leveraging the Viber messaging platform to deliver malicious ZIP archives.
“This organization has continued to conduct high-intensity intelligence gathering activities against Ukrainian military and government departments in 2025,” the 360 Threat Intelligence Center said in
“This organization has continued to conduct high-intensity intelligence gathering activities against Ukrainian military and government departments in 2025,” the 360 Threat Intelligence Center said in
Cyberattack Unlikely in Communications Failure That Grounded Flights in Greece
Flights across Greece were impacted for several hours after noise was reported on multiple air traffic communication channels.
The post Cyberattack Unlikely in Communications Failure That Grounded Flights in Greece appeared first on SecurityWeek.
Brightspeed Investigating Cyberattack
The hacking group Crimson Collective has claimed the theft of personal information pertaining to over 1 million Brightspeed customers.
The post Brightspeed Investigating Cyberattack appeared first on SecurityWeek.
Sedgwick Confirms Cyberattack on Government Subsidiary
Hackers have compromised a file transfer system at Sedgwick’s subsidiary that serves government agencies.
The post Sedgwick Confirms Cyberattack on Government Subsidiary appeared first on SecurityWeek.