The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting the n8n workflow automation platform to its Known Exploited Vulnerabilities (KEV) catalog, confirming that the flaw is currently being exploited in real world attacks. The vulnerability, tracked as CVE-2025-68613 with a CVSS score of 9.9, allows attackers to execute remote code […]
Cybersecurity researchers have revealed details about multiple serious vulnerabilities in the n8n workflow automation platform, including two critical flaws that could allow attackers to execute arbitrary commands on affected systems. The vulnerabilities have already been patched, but security experts warn that systems running older versions may remain vulnerable. Key Vulnerabilities Identified Researchers identified two major security
Cybersecurity researchers have revealed several critical security flaws in Anthropic’s Claude Code, an AI-driven coding assistant, which could allow attackers to execute remote code and steal API credentials. Check Point researchers Aviv Donenfeld and Oded Vanunu reported, “These vulnerabilities exploit multiple configuration points, including Hooks, Model Context Protocol (MCP) servers, and environment variables. Attackers can
Claude Code Vulnerabilities Enable Remote Code Execution and API Key Theft Read More »
SolarWinds has issued urgent security updates to resolve four critical vulnerabilities in its Serv-U file transfer platform. If exploited, these flaws could allow attackers to execute arbitrary code with root level privileges, creating severe security exposure for affected systems. All four vulnerabilities carry a CVSS score of 9.1, placing them in the critical severity category.
SolarWinds Fixes Four Critical Serv-U 15.5 Vulnerabilities Enabling Root Code Execution Read More »
A critical security flaw affecting BeyondTrust Remote Support and BeyondTrust Privileged Remote Access products is being actively exploited by threat actors to deploy web shells, backdoors, malware, and exfiltrate sensitive data. The vulnerability, tracked as CVE-2026-1731, carries a CVSS score of 9.9. Nature of the Vulnerability The flaw stems from a sanitization failure in the “thin-scc-wrapper” script, accessible via
BeyondTrust Vulnerability Exploited to Deploy Web Shells, Backdoors, and Steal Data Read More »
A serious cybersecurity vulnerability has been identified in the Grandstream GXP1600 series VoIP phones, potentially allowing attackers to take full control of affected devices without authentication. Security experts warn that this flaw could enable remote compromise with root-level privileges, placing enterprise voice networks at significant risk. Critical RCE Vulnerability Identified The vulnerability, tracked as CVE-2026-2329, carries a CVSS
Grandstream GXP1600 VoIP Phones Vulnerable to Unauthenticated Remote Code Execution Read More »
A critical security vulnerability has been discovered in the WPvivid Backup and Migration plugin for WordPress, a widely used tool installed on more than 900,000 websites. The flaw could allow unauthenticated attackers to execute arbitrary code on vulnerable sites, potentially leading to full website compromise. The vulnerability is tracked as CVE-2026-1357 and carries a CVSS
WordPress Plugin with 900K Installations Exposed to Critical RCE Vulnerability Read More »
Fortinet has released security updates to remediate a critical security flaw affecting FortiClientEMS that could allow attackers to execute arbitrary code without authentication. The vulnerability is tracked as CVE-2026-21643 and carries a CVSS score of 9.1, placing it among high impact enterprise security risks. According to Fortinet, the issue stems from improper handling of user
Fortinet Fixes Critical SQL Injection Flaw Allowing Unauthenticated Code Execution Read More »
BeyondTrust has released security updates to remediate a critical vulnerability affecting its Remote Support (RS) and Privileged Remote Access (PRA) products. If exploited, the flaw could allow unauthenticated attackers to achieve remote code execution on vulnerable systems. In a security advisory published on February 6, 2026, BeyondTrust confirmed that Remote Support and certain legacy versions of Privileged Remote Access
BeyondTrust Patches Critical Pre-Auth RCE Flaw in Remote Support and PRA Products Read More »
Threat hunters have revealed details of a sophisticated malware operation named DEAD#VAX, a stealth focused campaign that combines disciplined operational techniques with the abuse of legitimate Windows features to evade detection and deploy the AsyncRAT remote access trojan. According to researchers from Securonix, the campaign relies on IPFS hosted virtual hard disk files, advanced script obfuscation,
DEAD#VAX Malware Campaign Spreads AsyncRAT Using IPFS-Hosted VHD Phishing Files Read More »