This week's security landscape was dominated by critical vulnerabilities and significant breaches, underscoring persistent threats across major software platforms. High-severity CVEs demand immediate attention from enterprise security teams.
Top Security Stories
Russian hackers exploit recently patched Microsoft Office bug in attacks
Ukraine's Computer Emergency Response Team (CERT) says that Russian hackers are exploiting CVE-2026-21509, a recently patched vulnerability in multiple versions of Microsoft Office. [...]
Source: bleepingcomputer.com
Critical n8n flaws disclosed along with public exploits
Multiple critical vulnerabilities in the popular n8n open-source workflow automation platform allow escaping the confines of the environment and taking complete control of the host server. [...]
Source: bleepingcomputer.com
Ransomware Gang Goes Full 'Godfather' With Cartel
Since its launch in 2023, DragonForce has pushed a cartel model, emphasizing cooperation and coordination among ransomware gangs.
Source: darkreading.com
Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows
A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw,...
Source: thehackernews.com
What’s next for DHS’s forthcoming replacement critical infrastructure protection panel, AI information sharing
Nick Andersen, a top CISA official, discussed plans for improving CIPAC and developing an AI-ISAC. The post What’s next for DHS’s forthcoming replacement critical infrastructure protection panel, AI i...
Source: cyberscoop.com
Notepad++ Official Update Mechanism Hijacked to Deliver Malware to Select Users
The maintainer of Notepad++ has revealed that state-sponsored attackers hijacked the utility's update mechanism to redirect update traffic to malicious servers instead. "The attack involved [an] infra...
Source: thehackernews.com
eScan Antivirus Update Servers Compromised to Deliver Multi-Stage Malware
The update infrastructure for eScan antivirus, a security solution developed by Indian cybersecurity company MicroWorld Technologies, has been compromised by unknown attackers to deliver a persistent ...
Source: thehackernews.com
Flickr discloses potential data breach exposing users' names, emails
Photo-sharing platform Flickr is notifying users of a potential data breach after a vulnerability at a third-party email service provider exposed their real names, email addresses, IP addresses, and a...
Source: bleepingcomputer.com
Hackers compromise NGINX servers to redirect user traffic
A threat actor is compromising NGINX servers in a campaign that hijacks user traffic and reroutes it through the attacker's backend infrastructure. [...]
Source: bleepingcomputer.com
Coinbase confirms insider breach linked to leaked support tool screenshots
Coinbase has confirmed an insider breach after a contractor improperly accessed the data of approximately thirty customers, which BleepingComputer has learned is a new incident that occurred in Decemb...
Source: bleepingcomputer.com
Russian Hackers Weaponize Microsoft Office Bug in Just 3 Days
APT28's attacks rely on specially crafted Microsoft Rich Text Format (RTF) documents to kick off a multistage infection chain to deliver malicious payloads.
Source: darkreading.com
Notepad++ users take note: It's time to check if you're hacked
Suspected China-state hackers used update infrastructure to deliver backdoored version.
Source: arstechnica.com
Notepad++ Supply Chain Hack Conducted by China via Hosting Provider
The likely state-sponsored threat actor had access to the hosting provider for months and targeted only certain Notepad++ customers. The post Notepad++ Supply Chain Hack Conducted by China via Hosting...
Source: securityweek.com
Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms
Google-owned Mandiant on Friday said it identified an "expansion in threat activity" that uses tradecraft consistent with extortion-themed attacks orchestrated by a financially motivated hacking group...
Source: thehackernews.com
Labyrinth Chollima Evolves into Three North Korean Hacking Groups
CrowdStrike assessed that two new threat actor groups have spun off from North Korean Labyrinth Chollima hackers
Source: infosecurity-magazine.com
Critical Vulnerabilities (CVEs)
| CVE ID | CVSS Score | Description |
|---|---|---|
| CVE-2019-25232 | 9.8 | NetPCLinker 1.0.0.0 contains a buffer overflow vulnerability in the Clients Control Panel DNS/IP field that allows attackers to execute arbitrary shel... |
| CVE-2020-37027 | 9.8 | Sickbeard alpha contains a remote command injection vulnerability that allows unauthenticated attackers to execute arbitrary commands through the extr... |
| CVE-2020-37043 | 9.8 | 10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerability that allows attackers to bypass SafeSEH, ASLR, and DEP protections through ca... |
| CVE-2020-37050 | 9.8 | Quick Player 1.3 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious .m3l file with caref... |
| CVE-2020-37052 | 9.8 | AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary system c... |