Category: Cybersecurity News
-
Infostealer Malware Linked to Compromised Credentials on Some ownCloud Instances
A recent ownCloud advisory has highlighted a series of credential theft incidents affecting some organizations running self-hosted file-sharing platforms, including ownCloud Community Edition deployments. The advisory references a January 2026 report from threat intelligence firm Hudson Rock, which confirms the incidents were not caused by software vulnerabilities or a breach of the ownCloud platform itself.
-
Malicious AI Chrome Extensions Steal ChatGPT and DeepSeek Conversations
Security researchers at cybersecurity software company OX Security have uncovered a widespread malware campaign involving two Chrome extensions that impersonate a legitimate AI sidebar tool while covertly collecting users’ ChatGPT and DeepSeek conversations along with extensive browsing data. Combined, the malicious extensions have been installed by more than 900,000 users. Despite containing data-stealing functionality, one
-
IBM API Connect Security Patches Released for Critical Authentication Bypass Flaw
IBM has issued a security alert for a critical authentication bypass vulnerability impacting IBM API Connect, warning that the flaw could let attackers gain access without valid credentials. API Connect is a foundational platform used by enterprises to build, secure, and manage APIs, meaning the issue strikes at the core of systems that connect key
-
LangChain Releases Patch to Resolve Critical Serialization Vulnerability Affecting Multiple Versions
A critical security vulnerability has been disclosed in LangChain that could enable attackers to extract environment secrets and inject unauthorized objects during deserialization. The issue affects LangChain Core versions 1.0.0 to 1.2.4 and LangChain versions below 0.3.81, with fixes now available in langchain-core 1.2.5 and langchain 0.3.81, according to the project’s official security advisory. The
-
Critical Remote Code Execution Vulnerability in n8n Fixed
A critical Remote Code Execution (RCE) vulnerability has been disclosed in n8n, a widely used open-source workflow automation platform. The issue affects a large range of versions and could allow attackers to execute arbitrary code on vulnerable systems. Security researchers warn that unpatched instances may be fully compromised if exploited. The flaw exists in n8n’s
-
WordPress E-commerce Plugin WooCommerce Patches Store API Flaw That Could Expose Guest Order Data
A security flaw affecting the online shopping platform WooCommerce has been patched after researchers discovered it could expose certain customer order details under specific conditions. The flaw, disclosed along with patch details in a developer advisory, impacted a wide range of WooCommerce versions used by millions of WordPress-based online stores worldwide. The vulnerability, tracked as GHSL-2025-129,
-
HPE Releases OneView Update Patching Critical Vulnerability
HPE (Hewlett-Packard Enterprise) has issued a high-severity security advisory for HPE OneView, warning of a vulnerability that could allow remote, unauthenticated attackers to execute arbitrary code on affected systems. HPE OneView is commonly deployed as a centralized management platform with deep visibility and control over compute, storage, and networking infrastructure. Because this vulnerability can be
-
Researchers Identify WhatsApp Attack Allowing Account Takeover
Security researchers at Gen Digital have recently discovered an attack technique targeting WhatsApp that enables attackers to gain persistent access to user accounts by abusing WhatsApp’s legitimate device-linking functionality. The technique, referred to as a GhostPairing attack, does not rely on stolen passwords, SIM swapping, or malware. Instead, attackers use social engineering to
