Cybersecurity researchers have revealed a serious vulnerability affecting Ask Gordon, the AI assistant integrated into Docker Desktop and Docker CLI, that could allow attackers to execute code and steal sensitive information. The flaw, dubbed DockerDash by Noma Labs, was fixed in Docker version 4.50.0 released in November 2025. How DockerDash Works According to Sasi Levi, lead security researcher […]
A critical security vulnerability has been identified in OpenClaw, previously known as Clawdbot and Moltbot, that enables attackers to Customer Cabinetachieve remote code execution by tricking users into clicking a specially crafted link. The flaw has been assigned CVE-2026-25253 and carries a high CVSS score of 8.8. The issue was resolved in OpenClaw version 2026.1.29,
OpenClaw Vulnerability Enables One Click Remote Code Execution Through Malicious Link Read More »
SmarterTools has released security updates for its SmarterMail email platform, addressing multiple vulnerabilities, including a critical unauthenticated remote code execution flaw that could allow attackers to run arbitrary commands on affected systems. The most severe issue is tracked as CVE-2026-24423 and carries a CVSS score of 9.3, indicating a high risk to unpatched deployments. Unauthenticated RCE via ConnectToHub
SmarterMail Patches Critical Unauthenticated RCE Vulnerability with CVSS 9.3 Score Read More »
Ivanti has released urgent security updates to fix two critical vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM), both of which have been actively exploited as zero day attacks. One of the flaws has also been added to the U.S. Cybersecurity and Infrastructure Security Agency (CISA) Known Exploited Vulnerabilities catalog, highlighting the severity of the threat.
SolarWinds has issued security updates to fix multiple vulnerabilities affecting SolarWinds Web Help Desk (WHD), including four critical flaws that could enable unauthenticated attackers to bypass authentication and execute arbitrary code on affected systems. The vulnerabilities pose a serious risk to organizations using the platform, as several of the issues can be exploited without valid credentials, potentially giving
A critical security vulnerability has been disclosed in the widely used vm2 Node.js library, exposing systems to sandbox escape and arbitrary code execution risks. If exploited successfully, attackers could execute malicious code directly on the host operating system, completely bypassing vm2’s intended isolation mechanisms. The flaw is tracked as CVE-2026-22709 and carries a CVSS score of 9.8, placing it among the
Critical vm2 Node.js Vulnerability Allows Sandbox Escape and Arbitrary Code Execution Read More »
Cybersecurity researchers have disclosed two serious security flaws in the n8n workflow automation platform that could allow authenticated attackers to achieve remote code execution (RCE) and potentially take full control of affected environments. The vulnerabilities were discovered by the JFrog Security Research team and impact n8n’s sandboxing mechanisms for both JavaScript and Python execution. Given n8n’s deep integration across enterprise automation
Two High Severity n8n Vulnerabilities Allow Authenticated Remote Code Execution Read More »
Google has warned that multiple threat actors are actively exploiting a critical security vulnerability in WinRAR, despite the issue being patched months ago. The attacks involve a mix of nation state groups and financially motivated cybercriminals using the flaw to gain initial system access and deploy malware. According to the Google Threat Intelligence Group (GTIG), the vulnerability
Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088 Read More »
A severe security vulnerability has been identified in Grist-Core, the open-source self-hosted variant of the Grist relational spreadsheet-database, which could allow remote code execution (RCE). The flaw, cataloged as CVE-2026-24002 with a CVSS score of 9.1, has been dubbed Cellbreak by Cyera Research Labs. “One malicious formula can turn a spreadsheet into a Remote Code Execution (RCE) beachhead,” said security researcher Vladimir Tokarev, who
Critical Grist Core Vulnerability Enables RCE Attacks Through Spreadsheet Formulas Read More »
Microsoft has released emergency security updates for a critical Microsoft Office zero-day vulnerability that has been actively exploited by attackers. The flaw, identified as CVE-2026-21509 with a CVSS score of 7.8, is a security feature bypass within Microsoft Office. According to Microsoft, “Reliance on untrusted inputs in a security decision allows unauthorized attackers to bypass