VulnHub

Recent updates to Chrome and Firefox have patched 26 security flaws, including several high-severity vulnerabilities that could allow attackers to execute arbitrary code. Chrome version 144 and Firefox version 147 are now available, and users are strongly encouraged to update their browsers to protect against potential exploits. These vulnerabilities can affect a wide range of users, making it crucial for individuals and organizations to stay current with software updates. Ignoring these patches could leave systems open to attacks that might compromise sensitive data or disrupt operations. The updates not only fix the bugs but also enhance overall browser security, which is vital in today’s digital landscape.

ServiceNow has addressed a significant flaw in its AI platform that could allow attackers to impersonate users. The company claims there is no evidence that this vulnerability was exploited before the patch was released in October. However, security researchers warn that the configuration of AI agents could still lead to prompt-injection style abuses, which could potentially compromise user accounts. This situation raises concerns about the security of AI systems and the risks they pose if not properly configured. Organizations using ServiceNow's AI features should ensure they implement the latest updates to mitigate any potential risks.

ServiceNow has reported a serious security vulnerability in its AI Platform that could allow an unauthenticated user to impersonate another user and take actions on their behalf. This flaw, identified as CVE-2025-12420, has a high severity rating of 9.3 out of 10, indicating a significant risk to users. The potential for impersonation means that attackers could exploit this weakness to gain unauthorized access to sensitive information or perform harmful actions. Organizations using ServiceNow's AI Platform should prioritize applying the patch to mitigate this risk and protect their users. The quick response from ServiceNow in addressing this vulnerability is crucial to maintaining trust in their services.

In January 2026, a significant software update addressed 114 Common Vulnerabilities and Exposures (CVEs), including three that were categorized as zero-days. These vulnerabilities could potentially allow attackers to execute arbitrary code or escalate privileges on affected systems. Notably, the patched software includes widely used products from major vendors, though specific names were not disclosed. This update is crucial as it aims to protect users from potential exploits that could compromise sensitive data or system integrity. Companies and users are strongly advised to apply the updates promptly to mitigate any risks associated with these vulnerabilities.

A significant security vulnerability, known as 'Ni8mare', has been discovered affecting nearly 60,000 instances of n8n, an open-source workflow automation tool. This flaw is classified as maximum severity, meaning it poses a serious risk to users who have not yet applied the necessary patches. The vulnerability could potentially allow attackers to exploit exposed instances, leading to unauthorized access or data breaches. As of now, many users remain unprotected, which raises concerns about the security of their automated workflows and sensitive data. It’s crucial for n8n users to address this issue immediately to prevent possible exploitation.

Trend Micro has released patches for a significant code execution vulnerability in its Apex Central product. This flaw could allow attackers to execute arbitrary code, putting systems at risk. Tenable has since provided proof-of-concept code and technical details, which could assist malicious actors in exploiting the vulnerability if users do not update their systems promptly. Companies using Apex Central need to apply the patches to protect their networks from potential attacks. The urgency of this update is underscored by the fact that vulnerabilities of this nature can lead to serious breaches if left unaddressed.

Trend Micro has addressed a serious vulnerability in its Apex Central software, which is used for centralized management of security solutions. This flaw could allow attackers to run arbitrary code with SYSTEM privileges, potentially giving them full control over affected systems. The vulnerability affects the on-premise version of Apex Central, putting companies that rely on this tool at risk. Users are advised to apply the latest patches immediately to protect their systems from potential exploitation. This incident underscores the need for regular updates and vigilance in cybersecurity practices.

Researchers have identified a severe vulnerability in n8n, a widely-used workflow automation platform, allowing unauthenticated attackers to take full control of affected instances. This flaw, tracked as CVE-2026-21858 and given a maximum CVSS score of 10.0, has been named Ni8mare by Cyera Research Labs. The issue poses a significant risk as it could enable attackers to manipulate workflows and access sensitive data without any authentication. Users of n8n need to take this threat seriously, as the implications of such a breach could be extensive, impacting data integrity and privacy. Immediate action is recommended to safeguard systems until a patch is made available.

Veeam has issued security updates to address several vulnerabilities in its Backup & Replication software, including a significant remote code execution (RCE) flaw. This critical vulnerability could allow attackers to gain control over backup servers, posing a serious risk to organizations relying on this software for data protection. The flaws affect various versions of the Backup & Replication software, potentially exposing many users to exploitation if they do not update promptly. This situation is concerning as backup servers are vital for data recovery and integrity, and any compromise could lead to severe operational disruptions. Users are urged to apply the latest patches to safeguard their systems.

A serious vulnerability has been found in n8n, an open-source workflow automation platform, which could allow authenticated users to run arbitrary system commands on the server. This vulnerability, identified as CVE-2025-68668, has a high severity score of 9.9 according to the CVSS system, indicating a significant risk. It stems from a failure in the protection mechanisms that should keep the system secure. Users of n8n should be particularly concerned as this issue could lead to unauthorized control over their systems. The affected versions include all versions prior to the patch that addresses this vulnerability, making it crucial for users to update their installations promptly to prevent potential exploitation.