The Hacker News

Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances

Critical n8n flaw CVE-2025-68613 (CVSS 9.9) lets authenticated users run arbitrary code; versions 0.211.0–1.120.4 affected, ...

HPE warns of maximum severity RCE flaw in OneView software

Hewlett Packard Enterprise (HPE) has patched a maximum-severity vulnerability in its HPE OneView software that enables ...
HotHardware

Microsoft Windows Server Update Service Is Under Attack, What You Need To Know

Windows Server 2025 is currently open to a Remote Code Execution exploit via the Windows Update Service, and at the time of this writing a fix from Microsoft has yet to fully patch the issue. Reports ...
Dark Reading

Exploitation Risk Grows for Critical Cisco Bug

The risk of attackers exploiting a recently disclosed maximum severity vulnerability in Cisco's IOS XE Wireless Controller software has increased significantly following the public release of detailed ...
CSOonline

Researchers uncover RCE attack chains in popular enterprise credential vaults

Researchers have found 14 logic flaws in various components of HashiCorp Vault and CyberArk Conjur, two open-source credential management systems, allowing attacks that could bypass authentication ...
Bleeping Computer

Apache fixes critical OFBiz remote code execution vulnerability

Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers.
Dark Reading

South Korean APT Exploits 1-Click WPS Office Bug, Nabs Chinese Intel

Earlier this year, a South Korean advanced persistent threat (APT) exploited a critical vulnerability in WPS Office to spy on high-level entities in China. It turned out not to be the only critical ...