Category: Cybersecurity News
-
IBM API Connect Security Patches Released for Critical Authentication Bypass Flaw
IBM has issued a security alert for a critical authentication bypass vulnerability impacting IBM API Connect, warning that the flaw could let attackers gain access without valid credentials. API Connect is a foundational platform used by enterprises to build, secure, and manage APIs, meaning the issue strikes at the core of systems that connect key
-
LangChain Releases Patch to Resolve Critical Serialization Vulnerability Affecting Multiple Versions
A critical security vulnerability has been disclosed in LangChain that could enable attackers to extract environment secrets and inject unauthorized objects during deserialization. The issue affects LangChain Core versions 1.0.0 to 1.2.4 and LangChain versions below 0.3.81, with fixes now available in langchain-core 1.2.5 and langchain 0.3.81, according to the project’s official security advisory. The
-
Critical Remote Code Execution Vulnerability in n8n Fixed
A critical Remote Code Execution (RCE) vulnerability has been disclosed in n8n, a widely used open-source workflow automation platform. The issue affects a large range of versions and could allow attackers to execute arbitrary code on vulnerable systems. Security researchers warn that unpatched instances may be fully compromised if exploited. The flaw exists in n8n’s
-
WordPress E-commerce Plugin WooCommerce Patches Store API Flaw That Could Expose Guest Order Data
A security flaw affecting the online shopping platform WooCommerce has been patched after researchers discovered it could expose certain customer order details under specific conditions. The issue, disclosed along with patch details in a developer advisory, impacted a wide range of WooCommerce versions used by millions of WordPress-based online stores worldwide. The vulnerability, tracked as GHSL-2025-129,
-
HPE Releases OneView Update Patching Critical Vulnerability
HPE (Hewlett Packard Enterprise) has issued a high-severity security advisory for HPE OneView, warning of a vulnerability that could allow remote, unauthenticated attackers to execute arbitrary code on affected systems. HPE OneView is commonly deployed as a centralized management platform with deep visibility and control over compute, storage, and networking infrastructure. Because this vulnerability can be
-
Researchers Identify WhatsApp Attack Allowing Account Takeover
Security researchers at Gen Digital have recently discovered a newly observed attack technique targeting WhatsApp, which enables attackers to gain persistent access to user accounts by abusing WhatsApp’s legitimate device-linking functionality. The technique, referred to as a GhostPairing attack, does not rely on stolen passwords, SIM swapping, or malware. Instead, attackers use social engineering to
-
Millions of AI Conversations Collected by Popular VPN/Privacy Extensions Without Consent
Privacy-conscious users often turn to browser extensions like VPNs and ad blockers to protect their online activities. But recent research reveals that one of the most popular VPN extensions, Urban VPN Proxy, has been secretly harvesting and selling users’ AI conversations without their consent, affecting over 8 million users worldwide, with
