Category: Security
Cybersecurity Threat Advisory: Unauthenticated RCE vulnerability in n8n
A severe unauthenticated remote code execution (RCE) vulnerability nicknamed “Ni8mare” has been discovered in the n8n workflow automation platform. This flaw, tracked as CVE-2026-21858, allows attackers to take full control of vulnerable n8n instances without needing credentials. Read this Cybersecurity Threat...
Threat Spotlight: How phishing kits evolved in 2025
In 2025, 90 percent of high-volume phishing campaigns leveraged Phishing-as-a-Service (PhaaS) kits. These kits have transformed the phishing landscape, enabling even less-skilled cybercriminals to access advanced tools and automation and launch large-scale, targeted phishing campaigns, often impersonating legitimate services and...
Cybersecurity in 2026: Experts predict what’s next
Over the past two weeks, we’ve reflected on 2025’s cybersecurity developments—with a few glimpses into 2026. Today, we turn our full attention to the year ahead, sharing predictions from leading experts on what’s next for cybersecurity. AI will elevate phishing...
Cybersecurity Threat Advisory: AdonisJS Bodyparser vulnerability
A severe security flaw has been identified in the @adonisjs/bodyparser npm package, a core component of the AdonisJS TypeScript-first web framework. Tracked as CVE-2026-21440, the vulnerability stems from a path traversal issue in the multipart file handling mechanism. If exploited,...
Cybersecurity Threat Advisory: Critical n8n vulnerability
A severe vulnerability, tracked as CVE-2025-68668 with a CVSS score of 9.9, was recently discovered in n8n, an open-source workflow automation platform. The flaw enables authenticated users with create or modify workflows permissions to execute arbitrary system commands on the...
Cybersecurity Threat Advisory: Critical vulnerability in IBM API Connect
A newly disclosed security vulnerability, CVE-2025-13915, affects IBM API Connect. This flaw could allow a remote attacker to bypass authentication and gain unauthorized access to applications. Review this Cybersecurity Threat Advisory for steps to mitigate your risk. What is the...
Cybercrime in 2026: Faster, smarter and fully industrialized
Cybercrime is no longer a loose collection of hackers, tools and opportunistic attacks. As we move into 2026, it has matured into a highly industrialized ecosystem—complete with specialization, automation, affiliate networks, and even cartel-like business models. The result is a...
Expert reflections: Top cybersecurity trends of 2025
As 2025 comes to a close, cybersecurity professionals are taking stock of a year shaped by both familiar threats and rising perils. So, what truly surprised security leaders this year—and what can we learn from it? To find out, I...
The 2025 ITRC Consumer Impact Report: A new era of identity crime
Founded in 1999, the Identity Theft Resource Center (ITRC) is a national nonprofit dedicated to empowering and guiding consumers, victims, businesses and government agencies to minimize risk and mitigate the impact of identity compromise and crime. The ITRC provides free...
Cybersecurity Threat Advisory: MongoDB RCE vulnerability
MongoDB has disclosed a high‑severity vulnerability, tracked as CVE‑2025‑14847, that could allow unauthenticated remote code execution (RCE). The flaw stems from the Zlib compression handler and can be exploited with low complexity, posing a serious risk to data confidentiality and...
