WhatsApp has begun rolling out parent-managed accounts for pre-teens, allowing parents and guardians to decide who can contact them and which groups they can join. […]
SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites
An SQL injection vulnerability in Ally, a WordPress plugin from Elementor for web accessibility and usability with more than 400,000 installations, could be exploited to steal sensitive data without authentication. […]
Senate Confirms Joshua Rudd to Lead NSA and US Cyber Command
The leadership structure, commonly referred to as the “dual-hat” arrangement, assigns a single individual to oversee both organizations.
The post Senate Confirms Joshua Rudd to Lead NSA and US Cyber Command appeared first on SecurityWeek.
CISA orders feds to patch n8n RCE flaw exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies on Wednesday to patch their systems against an actively exploited n8n vulnerability. […]
Medtech giant Stryker offline after Iran-linked wiper malware attack
Leading medical technology company Stryker has been hit by a wiper malware attack claimed by Handala, an Iranian-linked and pro-Palestinian hacktivist group. […]
New PhantomRaven NPM attack wave steals dev data via 88 packages
New attack waves from the ‘PhantomRaven’ supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers. […]
Researchers Trick Perplexity’s Comet AI Browser Into Phishing Scam in Under Four Minutes
Agentic web browsers that leverage artificial intelligence (AI) capabilities to autonomously execute actions across multiple websites on behalf of a user could be trained and tricked into falling prey to phishing and scam traps.
The attack, at its core, takes advantage of AI browsers’ tendency to reason their actions and use it against the model itself to lower their security guardrails, Guardio
The attack, at its core, takes advantage of AI browsers’ tendency to reason their actions and use it against the model itself to lower their security guardrails, Guardio
MedTech Giant Stryker Crippled by Iran-Linked Hacker Attack
Stryker was targeted by the Handala group, which claims to have wiped more than 200,000 of the company’s devices.
The post MedTech Giant Stryker Crippled by Iran-Linked Hacker Attack appeared first on SecurityWeek.
Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials
Cybersecurity researchers have disclosed details of two now-patched security flaws in the n8n workflow automation platform, including two critical bugs that could result in arbitrary command execution.
The vulnerabilities are listed below –
The vulnerabilities are listed below –
CVE-2026-27577 (CVSS score: 9.4) – Expression sandbox escape leading to remote code execution (RCE)
CVE-2026-27493 (CVSS score: 9.5) – Unauthenticated
Wiz Joins Google Cloud as Landmark Acquisition Closes
Google has completed its $32 billion acquisition of the cloud security giant, which will maintain its brand.
The post Wiz Joins Google Cloud as Landmark Acquisition Closes appeared first on SecurityWeek.