A digitally signed adware tool has deployed payloads running with SYSTEM privileges that disabled antivirus protections on thousands of endpoints, some in the educational, utilities, government, and healthcare sectors. […]
n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails
Threat actors have been observed weaponizing n8n, a popular artificial intelligence (AI) workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails.
“By leveraging trusted infrastructure, these attackers bypass traditional security filters, turning productivity tools into delivery
“By leveraging trusted infrastructure, these attackers bypass traditional security filters, turning productivity tools into delivery
Sweden Blames Pro-Russian Group for Cyberattack Last Year on Its Energy Infrastructure
In what was Sweden’s first public mention of the attack, the country’s minister for civil defense said it targeted a heating plant in western Sweden.
The post Sweden Blames Pro-Russian Group for Cyberattack Last Year on Its Energy Infrastructure appeared first on SecurityWeek.
Microsoft pays $2.3M for cloud and AI flaws at Zero Day Quest
Microsoft has awarded $2.3 million to security researchers after receiving nearly 700 submissions during this year’s Zero Day Quest hacking contest. […]
CISA flags Windows Task Host vulnerability as exploited in attacks
CISA warned U.S. government agencies to secure their systems against a Windows Task Host privilege escalation vulnerability that could allow attackers to gain SYSTEM privileges. […]
Exploited Vulnerability Exposes Nginx Servers to Hacking
Hackers are exploiting CVE-2026-33032, a critical remote takeover vulnerability in the Nginx UI management tool.
The post Exploited Vulnerability Exposes Nginx Servers to Hacking appeared first on SecurityWeek.
Rolling Networks: Securing the Transportation Sector
Modern trucks are rolling networks packed with sensors, connectivity, and attack surfaces, creating new cyber risks. NMFTA’s Cybersecurity Conference brings industry leaders together to tackle emerging threats in transportation. […]
Capsule Security Emerges From Stealth With $7 Million in Funding
The Israeli startup aims to secure AI agents at runtime, continuously monitoring their behavior to prevent unsafe actions.
The post Capsule Security Emerges From Stealth With $7 Million in Funding appeared first on SecurityWeek.
‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacks
Researchers warn that a flaw in Anthropic’s Model Context Protocol allows unsanitized commands to execute silently, enabling full system compromise across widely used AI environments.
The post ‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacks appeared first on SecurityWeek.
100 Chrome Extensions Steal User Data, Create Backdoor
Published through five accounts, the extensions appear part of a coordinated campaign based on shared C&C infrastructure.
The post 100 Chrome Extensions Steal User Data, Create Backdoor appeared first on SecurityWeek.