The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has identified a serious vulnerability in HPE OneView that is currently being exploited in the wild. This flaw could allow attackers to gain unauthorized access to sensitive systems and data, posing significant risks to organizations using HPE's management software. Users of HPE OneView should be particularly vigilant, as this vulnerability could lead to severe disruptions or data breaches. Companies utilizing affected systems are advised to take immediate action to secure their environments. The situation underscores the critical need for timely updates and patch management to protect against active threats.
Articles tagged "Vulnerability"
Found 959 articles
Researchers have identified a serious vulnerability in n8n, an automated workflow platform used by around 100,000 servers for AI and enterprise tools. This defect could allow attackers to exploit the system, putting sensitive data and operations at risk. Organizations utilizing n8n need to take immediate action to protect their systems. The flaw is considered to have maximum severity, which means it poses a significant risk to affected users. As the situation develops, it is crucial for companies to stay informed and implement necessary security measures to mitigate potential attacks.
Hackers are taking advantage of a serious zero-day vulnerability in D-Link DSL routers that are no longer supported. This flaw allows attackers to execute arbitrary commands on the devices, posing significant risks to users still relying on these outdated models. As these routers are not receiving security updates, individuals and businesses using them are particularly vulnerable to unauthorized access and potential data breaches. Users are urged to consider replacing their D-Link routers with more secure, supported options to mitigate these risks. The exploitation of such vulnerabilities underscores the importance of using updated technology in a cybersecurity landscape that is constantly evolving.
The jsPDF library, widely used for generating PDF documents in JavaScript applications, has a critical vulnerability that allows attackers to access sensitive data from a user's local filesystem. This flaw enables malicious actors to embed local files into generated PDFs, potentially leading to data breaches. Developers using jsPDF in their applications should be particularly vigilant, as this could affect any application relying on this library for PDF generation. The implications are serious, as sensitive information could be easily extracted without user consent. Users of applications built with jsPDF need to be aware of this risk and ensure that they update to the latest version as soon as a fix is available.
A serious vulnerability in n8n, known as Ni8mare (CVE-2026-21858), has been identified, allowing attackers to gain full control over affected instances without any authentication. This flaw has a maximum severity score of 10.0, indicating a high level of risk for users. Researchers from Cyera discovered this vulnerability, raising concerns about the security of workflow automation processes that many organizations rely on. If exploited, this could lead to unauthorized access, data breaches, and significant operational disruptions. Users and companies utilizing n8n should take immediate steps to secure their systems to prevent potential exploitation.
Logitech's Options+ and G Hub applications for macOS have stopped functioning due to an expired code-signing certificate. This issue means that users are unable to launch these applications on their Apple systems, impacting those who rely on them for device customization and management. The problem arose suddenly, leaving many users without access to essential features. While this isn't a security vulnerability or breach, it does highlight the importance of maintaining valid certificates for software integrity and user access. Logitech will need to address this promptly to restore functionality for affected users.
BleepingComputer
A serious security flaw known as 'Ni8mare' has been discovered in the N8N workflow automation platform, which could allow attackers to remotely take control of servers running the software. This vulnerability is particularly concerning as it does not require any authentication, making it easier for malicious actors to exploit. Users of N8N should be alarmed, as the flaw affects all locally deployed instances. Companies and individuals using this platform need to prioritize patching their systems to avoid potential breaches. The implications are significant, as a successful attack could lead to unauthorized access to sensitive workflows and data.
Attackers are taking advantage of misconfigured email routing to send phishing emails that appear to come from within an organization. This tactic involves using Platforms as a Service (PhaaS), such as Tycoon2FA, to create these deceptive messages aimed at stealing user credentials. The vulnerability lies in the complex routing scenarios and inadequate spoof protections that companies have in place, making it easier for these phishing attempts to bypass security measures. Organizations need to be vigilant about their email configurations and ensure that their spoof protections are properly set up to prevent these types of attacks. Without proper safeguards, employees may unknowingly provide sensitive information to attackers posing as internal communications.
The Hacker News
Researchers have identified a severe vulnerability in n8n, a widely-used workflow automation platform, allowing unauthenticated attackers to take full control of affected instances. This flaw, tracked as CVE-2026-21858 and given a maximum CVSS score of 10.0, has been named Ni8mare by Cyera Research Labs. The issue poses a significant risk as it could enable attackers to manipulate workflows and access sensitive data without any authentication. Users of n8n need to take this threat seriously, as the implications of such a breach could be extensive, impacting data integrity and privacy. Immediate action is recommended to safeguard systems until a patch is made available.
Veeam has issued security updates to address several vulnerabilities in its Backup & Replication software, including a significant remote code execution (RCE) flaw. This critical vulnerability could allow attackers to gain control over backup servers, posing a serious risk to organizations relying on this software for data protection. The flaws affect various versions of the Backup & Replication software, potentially exposing many users to exploitation if they do not update promptly. This situation is concerning as backup servers are vital for data recovery and integrity, and any compromise could lead to severe operational disruptions. Users are urged to apply the latest patches to safeguard their systems.
A newly discovered vulnerability in discontinued D-Link devices poses a serious risk, allowing attackers to execute arbitrary shell commands without authentication. This critical-severity flaw affects users of these outdated devices, which may still be in use despite not being supported or receiving updates from the manufacturer. The fact that the vulnerability is being actively exploited means that users should take immediate action to safeguard their networks. If left unaddressed, this could allow attackers to gain control over affected devices, potentially leading to larger network breaches. Users of D-Link products are advised to assess their device usage and consider replacing unsupported hardware to mitigate these risks.
Veeam has addressed a serious remote code execution (RCE) vulnerability in its Backup & Replication software, identified as CVE-2025-59470, which has a high severity score of 9.0 on the CVSS scale. This flaw allows Backup or Tape Operators to execute arbitrary code remotely as the postgres user, potentially leading to significant security breaches. Alongside this critical issue, Veeam also patched several other vulnerabilities in the same software suite. Users of Veeam Backup & Replication should prioritize applying these patches to safeguard their systems from potential exploitation. The swift response by Veeam reflects the importance of maintaining updated software to prevent unauthorized access and data breaches.
The open-source workflow automation platform n8n has alerted users to a serious security vulnerability, identified as CVE-2026-21877, which carries a CVSS score of 10.0. This flaw could allow authenticated users to execute untrusted code remotely, posing a significant risk to both self-hosted and cloud versions of the software. Users and organizations utilizing n8n need to be aware of this vulnerability as it could lead to unauthorized access and potential data breaches. The company recommends that affected users take immediate action to secure their systems. As of now, the specific details regarding patches or updates have not been disclosed, but users should monitor official channels for further instructions.
Hackers are exploiting a serious vulnerability in older D-Link DSL routers, identified as CVE-2026-0625. This flaw allows attackers to execute commands remotely, potentially compromising users' devices and networks. The vulnerability has a high severity score of 9.3, which indicates that it poses a significant risk. Users of legacy D-Link DSL routers need to be aware of this issue as it could lead to unauthorized access and control over their internet-connected devices. As attackers actively exploit this flaw, it is crucial for affected users to take immediate action to protect their systems.
The Hacker News
A serious security vulnerability has been identified in legacy D-Link DSL gateway routers, specifically affecting the 'dnscfg.cgi' endpoint. This flaw, known as CVE-2026-0625, has a high severity score of 9.3 and allows unauthenticated remote attackers to execute commands through improper handling of user-provided DNS configuration inputs. Current reports indicate that this vulnerability is actively being exploited in the wild, putting users of these older routers at risk. It is crucial for individuals and organizations using these devices to be aware of the potential for unauthorized access and control. The situation underscores the need for users to assess their network security and consider upgrading their hardware to mitigate these risks.