Stay ahead of emerging threats with expert analysis, vulnerability reports, and cybersecurity insights.
CVE-2026-25049 (CVSS 9.4) bypasses the fix for CVE-2025-68613 using JavaScript destructuring tricks. Authenticated users can escape n8n expression sandbox and achieve RCE via webhook-triggered workflows. Four additional CVEs disclosed alongside.
CVE-2025-25257 is a pre-authentication SQL injection in FortiWeb Fabric Connector that enables remote code execution. Actively exploited in the wild with public PoC available. Affects FortiWeb 7.0.x through 7.6.x. CISA KEV listed.
Read moreA Chinese state-sponsored group turned Anthropic's Claude into the hacker itself, building a framework that allowed the AI to independently infiltrate networks, harvest credentials, and steal data. This was the first documented case of AI doing the hacking, not just assisting it.
Read moreThis week's cybersecurity developments demonstrate how quickly attackers are co-opting existing infrastructure. From Google's disruption of the IPIDEA residential proxy network to Microsoft's 114-flaw Patch Tuesday, the patterns show attackers prioritizing persistence over speed.
Read moreA critical authentication bypass vulnerability (CVSS 9.8) in Fortinet FortiOS, FortiManager, FortiAnalyzer, FortiProxy, and FortiWeb allows attackers with a FortiCloud account to access devices registered to other accounts when FortiCloud SSO is enabled. This vulnerability is actively being exploited in the wild.
Read moreSubscribe to our newsletter and get the latest security insights delivered to your inbox.