The Hacker News

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows

Critical n8n v CVE-2026-25049 allows authenticated workflow abuse to execute system commands and expose server data.
Que.com on MSN

Docker patches critical 'Ask Gordon AI' flaw enabling code execution

Docker has released security fixes for a critical vulnerability affecting its AI-assisted feature known as Ask Gordon. The ...
SecurityWeek

Cisco, F5 Patch High-Severity Vulnerabilities

Cisco and F5 have patched multiple vulnerabilities, including high-severity bugs leading to DoS conditions and command ...
The Hacker News

ClickFix Attacks Expand Using Fake CAPTCHAs, Microsoft Scripts, and Trusted Web Services

ClickFix uses fake CAPTCHAs and a signed Microsoft App-V script to deploy Amatera stealer on enterprise Windows systems.
SecurityWeek

Critical SmarterMail Vulnerability Exploited in Ransomware Attacks

CISA warns of a new SmarterTools SmarterMail vulnerability exploited by ransomware groups for unauthenticated RCE.
Microsoft

New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.