Category: Security
Cybersecurity Threat Advisory: Path traversal RCE in Gogs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed active exploitation of a critical vulnerability in the self-hosted Git service Gogs, adding it to the Known Exploited Vulnerabilities (KEV) catalog. Federal Civilian Executive Branch agencies must apply mitigations or discontinue...
Cybersecurity Threat Advisory: ServiceNow AI Platform vulnerability
ServiceNow has revealed details of a critical vulnerability—now patched—in its AI Platform that could allow an unauthenticated attacker to impersonate any user and execute actions with that user’s privileges. Review this Cybersecurity Threat Advisory now to mitigate your risk and...
Cybersecurity Threat Advisory: Urgent patch for Trend Micro RCE flaw
Trend Micro has released security updates addressing multiple vulnerabilities in on-premises versions of Apex Central. The most critical issue, CVE-2025-69258 with a CVSS score of 9.8, is a remote code execution vulnerability in LoadLibraryEX. Two other vulnerabilities, CVE-2025-69259 with a...
Cybersecurity Threat Advisory: Unauthenticated RCE vulnerability in n8n
A severe unauthenticated remote code execution (RCE) vulnerability nicknamed “Ni8mare” has been discovered in the n8n workflow automation platform. This flaw, tracked as CVE-2026-21858, allows attackers to take full control of vulnerable n8n instances without needing credentials. Read this Cybersecurity Threat...
Threat Spotlight: How phishing kits evolved in 2025
In 2025, 90 percent of high-volume phishing campaigns leveraged Phishing-as-a-Service (PhaaS) kits. These kits have transformed the phishing landscape, enabling even less-skilled cybercriminals to access advanced tools and automation and launch large-scale, targeted phishing campaigns, often impersonating legitimate services and...
Cybersecurity in 2026: Experts predict what’s next
Over the past two weeks, we’ve reflected on 2025’s cybersecurity developments—with a few glimpses into 2026. Today, we turn our full attention to the year ahead, sharing predictions from leading experts on what’s next for cybersecurity. AI will elevate phishing...
Cybersecurity Threat Advisory: AdonisJS Bodyparser vulnerability
A severe security flaw has been identified in the @adonisjs/bodyparser npm package, a core component of the AdonisJS TypeScript-first web framework. Tracked as CVE-2026-21440, the vulnerability stems from a path traversal issue in the multipart file handling mechanism. If exploited,...
Cybersecurity Threat Advisory: Critical n8n vulnerability
A severe vulnerability, tracked as CVE-2025-68668 with a CVSS score of 9.9, was recently discovered in n8n, an open-source workflow automation platform. The flaw enables authenticated users with permission to create or modify workflows to execute arbitrary system commands on the...
Cybersecurity Threat Advisory: Critical vulnerability in IBM API Connect
A newly disclosed security vulnerability, CVE-2025-13915, affects IBM API Connect. This flaw could allow a remote attacker to bypass authentication and gain unauthorized access to applications. Review this Cybersecurity Threat Advisory for steps to mitigate your risk. What is the...
Cybercrime in 2026: Faster, smarter and fully industrialized
Cybercrime is no longer a loose collection of hackers, tools and opportunistic attacks. As we move into 2026, it has matured into a highly industrialized ecosystem—complete with specialization, automation, affiliate networks, and even cartel-like business models. The result is a...
