Author: user
January 7, 2026 | Ravi Lakshmanan | Vulnerability / Automation
Cybersecurity researchers have detailed yet another maximum-severity security flaw in n8n, a popular workflow automation platform. This flaw allows an unauthenticated, remote attacker to gain complete control of a susceptible instance. This vulnerability is tracked as CVE-2026-21858 (CVSS score: 10.0) and codenamed “Ni8mare” by Cyera Research Labs. Security researcher Dor Attias is credited with discovering and reporting this flaw on November 9, 2025. “The n8n vulnerability allows an attacker to gain access to files on the underlying server through the execution of certain form-based workflows,” n8n said in an advisory published today. “A vulnerable workflow could…
A new national survey shows homebuyers are ready to address PFAS once rapid and accessible testing tools are available. For decades, PFAS testing has been conducted almost entirely within a regulatory, industrial, and scientific environment. Water utilities test at the treatment plant level, environmental agencies measure PFAS during contamination events, and laboratories rely on specialized, time-consuming workflows. Meanwhile, households most affected by PFAS have few practical ways to test their water or soil. Traditional PFAS testing is expensive, time-consuming, logistically complex, and optimized for laboratories rather than the quick timelines of homes and real estate transactions. As PFAS awareness increases,…
Following a series of lawsuits and investigations into child safety, Roblox has introduced mandatory facial recognition for all users who want to access chat. The company is now rolling out the requirement globally after testing it in several markets last month. To complete the age verification process, users must open the Roblox app, grant camera access, and follow a series of on-screen instructions for facial recognition. Once age verification is complete, Roblox says all of the user’s images and videos will be removed. Roblox says this verification is handled by a third-party vendor, Persona, and images and videos will also…
January 7, 2026 | Hacker News | Threat Detection / Endpoint Security
Security teams are still catching malware. The question is, what are they not catching? Currently, an increasing number of attacks do not arrive as files. They do not drop binaries. They do not trigger traditional alerts. Instead, they run silently through tools already present in your environment, such as scripts, remote access, browsers, and developer workflows. This change creates blind spots. Participate in an in-depth technical session with the Zscaler Internet Access team. They reveal how to expose “invisible” tactics, why traditional defenses are inadequate, and what exactly needs to change. Secure…
January 7, 2026 | Ravi Lakshmanan | Vulnerability / Cloud Security
Open source workflow automation platform n8n has warned of a maximum severity security flaw that, if successfully exploited, could lead to authenticated remote code execution (RCE). This vulnerability has been assigned CVE identifier CVE-2026-21877 and is rated 10.0 by the CVSS scoring system. “Under certain conditions, it may be possible for an authenticated user to execute untrusted code by the n8n service,” n8n said in an advisory published Tuesday. “This could result in a complete compromise of the affected instance.” Administrators said both self-hosted deployments and n8n Cloud instances are affected. This issue…
Patient: 35-year-old male living in Iran
Symptoms: A man visited the urology department of a hospital complaining of bladder discomfort. He had no problems urinating and had no history of surgery or disease in that part of his body. Nor did he experience the typical symptoms of a urinary tract infection, such as constantly feeling the need to urinate or a burning sensation while urinating.
What happened next: Doctors performed a physical examination of the man’s abdomen and detected a large, smooth, hard mass above the pubic bone, at the front of the pelvis where the two pubic bones are connected by…
January 7, 2026 | Hacker News | Enterprise Security / Artificial Intelligence
Non-human employees are becoming the future of cybersecurity, and businesses need to prepare accordingly. As organizations expand artificial intelligence (AI) and cloud automation, non-human identities (NHI) such as bots, AI agents, service accounts, and automation scripts are rapidly increasing. In fact, in ConductorOne’s 2025 Future of Identity Security report, 51% of respondents said the security of their NHI is now as important as the security of their human accounts. However, despite their presence in modern organizations, NHIs often operate outside of traditional identity and access management (IAM) systems. This increased reliance on non-human users…
January 7, 2026 | Ravi Lakshmanan | Vulnerabilities / Enterprise Security
Veeam has released a security update that addresses multiple flaws in its backup and replication software, including a “critical” issue that could lead to remote code execution (RCE). This vulnerability is tracked as CVE-2025-59470 and has a CVSS score of 9.0. “This vulnerability allows a backup or tape operator to perform remote code execution (RCE) as the postgres user by sending malicious interval or ordering parameters,” it said in Tuesday’s security bulletin. According to Veeam documentation, users with the Backup Operator role can start and stop existing jobs, export backups, copy your…
SHASAI, a new EU-funded project, will address cybersecurity risks in AI systems, from design to actual operation. Funded under the Horizon Europe program, SHASAI aims to strengthen the security, resilience and reliability of AI-based systems as cybersecurity threats become more common. It addresses cybersecurity risks from the early design and development stages through deployment and actual operations. Leticia Montalvillo Mendizabal, cybersecurity researcher at IKERLAN and SHASAI project coordinator, explains: “By combining secure hardware and software, risk-driven engineering, and real-world validation, this project will help organizations deploy AI systems that are not only innovative, but also resilient, reliable, and compliant with European regulations.”…
January 7, 2026 | Ravi Lakshmanan | Email Security / Financial Fraud
Phishing attackers exploit routing scenarios and misconfigured spoofing protections to impersonate an organization’s domain and distribute emails that appear to be sent internally. “Threat actors are leveraging this vector to deliver a variety of phishing messages related to various phishing-as-a-service (PhaaS) platforms, such as Tycoon 2FA,” the Microsoft Threat Intelligence team said in a Tuesday report. “These include decoy messages with themes such as voicemails, shared documents, communications from human resources, password resets and expiration dates, etc., leading to credential phishing.” While this attack vector is not necessarily new, the tech giant said it…