A maximum severity vulnerability dubbed "Ni8mare" allows remote, unauthenticated attackers to take control over locally deployed instances of the N8N workflow automation platform.
BleepingComputer
Max severity Ni8mare flaw lets hackers hijack n8n servers
A maximum severity vulnerability dubbed "Ni8mare" allows remote, unauthenticated attackers to take control over locally deployed instances of the N...
Brightspeed, one of the largest fiber broadband companies in the United States, is investigating security breach and data theft claims made by the Crimson Collective extortion gang.
BleepingComputer
US broadband provider Brightspeed investigates breach claims
Brightspeed, one of the largest fiber broadband companies in the United States, is investigating security breach and data theft claims made by the ...
Fortinet has warned customers that threat actors are still actively exploiting a critical FortiOS vulnerability that allows them to bypass two-factor authentication (2FA) when targeting vulnerable FortiGate firewalls.
BleepingComputer
Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks
Fortinet has warned customers that threat actors are still actively exploiting a critical FortiOS vulnerability that allows them to bypass two-fact...
A new campaign dubbed 'GhostPoster' is hiding JavaScript code in the image logo of malicious Firefox extensions counting more than 50,000 downloads, to monitor browser activity and plant a backdoor.
BleepingComputer
GhostPoster attacks hide malicious JavaScript in Firefox addon logos
A new campaign dubbed 'GhostPoster' is hiding JavaScript code in the image logo of malicious Firefox extensions counting more than 50,000...
Hackers are exploiting critical-severity vulnerabilities affecting multiple Fortinet products to get unauthorized access to admin accounts and steal system configuration files.
BleepingComputer
Hackers exploit newly patched Fortinet auth bypass flaws
Hackers are exploiting critical-severity vulnerabilities affecting multiple Fortinet products to get unauthorized access to admin accounts and stea...
An email scam is abusing abusing PayPal's "Subscriptions" billing feature to send legitimate PayPal emails that contain fake purchase notifications embedded in the Customer service URL field.
BleepingComputer
Beware: PayPal subscriptions abused to send fake purchase emails
An email scam is abusing abusing PayPal's "Subscriptions" billing feature to send legitimate PayPal emails that contain fake purchase notifica...
American IT software company Ivanti warned customers today to patch a newly disclosed vulnerability in its Endpoint Manager (EPM) solution that could allow attackers to execute code remotely.
BleepingComputer
Ivanti warns of critical Endpoint Manager code execution flaw
American IT software company Ivanti warned customers today to patch a newly disclosed vulnerability in its Endpoint Manager (EPM) solution that cou...
Portugal has modified its cybercrime law to establish a legal safe harbor for good-faith security research and to make hacking non-punishable under certain strict conditions.
BleepingComputer
Portugal updates cybercrime law to exempt security researchers
Portugal has modified its cybercrime law to establish a legal safe harbor for good-faith security research and to make hacking non-punishable under...
Cloudflare is down, as websites are crashing with a 500 Internal Server Error.
BleepingComputer
Cloudflare down, websites offline with 500 Internal Server Error
Cloudflare is down, as websites are crashing with a 500 Internal Server Error. Cloudflare is investigating the reports.
​Microsoft is investigating and working to resolve a known issue that prevents customers from downloading Microsoft 365 desktop apps from the Microsoft 365 homepage.
BleepingComputer
Microsoft 365 license check bug blocks desktop app downloads
​Microsoft is investigating and working to resolve a known issue that prevents customers from downloading Microsoft 365 desktop apps from the Mic...