CISA adds n8n RCE flaw CVE-2025-68613 to KEV after active exploitation; 24,700 exposed instances raise compromise risk.

Two critical n8n flaws (CVSS 9.4, 9.5) enable RCE via expression sandbox escape and public forms, risking credential exposure ...

Researchers show GAN-trained phishing pages can trick Perplexity’s Comet AI browser in under four minutes, exposing a new AI-targeted attack surface.

AI-driven attack automation accelerates exploitation of thousands of open CVEs, forcing boards to confront vulnerability backlog risks.

SAP patches two critical flaws (CVSS 9.8, 9.1) affecting FS-QUO and NetWeaver, preventing remote code execution risks in enterprise systems.

Meta disabled 150,000 scam accounts tied to Southeast Asian fraud networks, prompting arrests and new anti-scam tools to protect users.

Microsoft patches 84 vulnerabilities, including two public zero-days, strengthening defenses against privilege escalation and cloud token theft.

Five malicious Rust crates and an AI bot exploited CI/CD pipelines and GitHub Actions in Feb 2026, stealing developer secrets ...

Malicious npm package '@openclaw-ai/openclawai' downloaded 178 times installs GhostLoader RAT, stealing credentials and crypto wallets.

KadNap botnet infects 14,000+ routers using DHT-based P2P control while ClipXDaemon hijacks crypto wallets on Linux X11.

UNC6426 used stolen GitHub tokens from the 2025 nx npm breach to gain AWS admin access in under 72 hours, enabling data theft and cloud destruction.

Your weekly cybersecurity roundup covering the latest threats, exploits, vulnerabilities, and security news you need to know.