Information Disclosure
Max severity Ni8mare flaw impacts nearly 60,000 n8n instances
Nearly 60,000 n8n instances exposed online remain unpatched against a maximum-severity vulnerability dubbed “Ni8mare.” n8n is an open-source workflow automation platform that allows users to connect different applications and services via pre-built connectors and a visual, node-based interface to automate repetitive tasks without writing code. The automation platform is widely used in AI development to automate […]
Cisco warns of Identity Service Engine flaw with exploit code
Cisco has patched a vulnerability in its Identity Services Engine (ISE) network access control solution, with public proof-of-concept exploit code, that can be abused by attackers with admin privileges. Enterprise admins use Cisco ISE to manage endpoint, user, and device access to network resources while enforcing a zero-trust architecture. The security flaw (CVE-2026-20029) affects Cisco […]
Google fixes two Android zero days exploited in attacks, 107 flaws
Google has released the December 2025 Android security bulletin, addressing 107 vulnerabilities, including two flaws actively exploited in targeted attacks. The two high-severity vulnerabilities are tracked as CVE-2025-48633 and CVE-2025-48572. They are information disclosure and elevation-of-privilege issues, respectively, affecting Android versions 13 through 16. “There are indications that the following may be under limited, targeted […]
WordPress security plugin exposes private data to site subscribers
The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposing private information. The plugin provides malware scanning and protection against brute-force attacks, exploitation of known plugin flaws, and against database injection attempts. Identified as CVE-2025-11705, the […]
Steam and Microsoft warn of Unity flaw exposing gamers to attacks
A code execution vulnerability in the Unity game engine could be exploited to achieve code execution on Android and privilege escalation on Windows. Unity is a cross-platform game engine and development platform that provides rendering, physics, animation, and scripting tools for developers to create titles for Windows, macOS, Android, iOS, consoles, and the web. A […]
New ‘CitrixBleed 2’ NetScaler flaw let hackers hijack sessions
A recent vulnerability in Citrix NetScaler ADC and Gateway is dubbed “CitrixBleed 2,” after its similarity to an older exploited flaw that allowed unauthenticated attackers to hijack authentication session cookies from vulnerable devices. Last week, Citrix published a security bulletin warning about flaws tracked as CVE-2025-5777 and CVE-2025-5349 that impact NetScaler ADC and Gateway versions before 14.1-43.56, releases before […]
Google fixes high severity Chrome flaw with public exploit
Google has released emergency security updates to patch a high-severity vulnerability in the Chrome web browser that could lead to full account takeover following successful exploitation. While it’s unclear if this security flaw has been used in attacks, the company warned that it has a public exploit, which is how it usually hints at active […]
Windows NTLM hash leak flaw exploited in phishing attacks on governments
A Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing campaigns targeting government entities and private companies. The flaw tracked as CVE-2025-24054 was fixed in Microsoft’s March 2025 Patch Tuesday. Initially, it was not marked as actively exploited and was assessed as ‘less likely’ to be. However, Check Point researchers […]
New Mirai botnet behind surge in TVT DVR exploitation
A significant spike in exploitation attempts targeting TVT NVMS9000 DVRs has been detected, peaking on April 3, 2025, with over 2,500 unique IPs scanning for vulnerable devices. The attacks attempt to exploit an information disclosure vulnerability first disclosed by an SSD Advisory in May 2024, which published the full exploitation details on retrieving admin credentials in cleartext using […]
Google fixes Android zero-days exploited in attacks, 60 other flaws
Google has released patches for 62 vulnerabilities in Android’s April 2025 security update, including two zero-days exploited in targeted attacks. One of the zero-days, a high-severity privilege escalation security vulnerability (CVE-2024-53197) in the Linux kernel’s USB-audio driver for ALSA Devices, was reportedly exploited by Serbian authorities to unlock confiscated Android devices as part of a zero-day exploit chain developed […]