Security Articles

Stay ahead of emerging threats with expert analysis from 84+ security articles, vulnerability reports, and cybersecurity insights — updated daily with the latest CVEs, threat actor campaigns, and security advisories. This week: Russian CTRL toolkit using named pipes for stealth persistence, Iran's Handala group breaching FBI Director email and deploying wiper malware, and critical LangChain/LangGraph AI stack vulnerabilities putting enterprise AI deployments at risk.

All Articles Advisory Cyber Attack Data Breach Exploit Malware Threat Actor Vulnerability

Severity: All Critical High Medium Low

46 articles found

criticalCVE AdvisoryVulnerability

Ingress-NGINX Remote Code Execution: Your Kubernetes Cluster's Front Door Is Wide Open

Critical vulnerabilities in Kubernetes Ingress-NGINX (CVE-2025-1974 and related) allow unauthenticated attackers with pod network access to achieve RCE via file descriptor injection. Default installations expose all cluster Secrets. Public exploit available.

By Danny MercerRead Full Article

CVE-2026-25049

critical

CVSS 9.4

CVE AdvisoryVulnerabilityCVE-2026-25049 CVSS 9.4 •Feb 5, 2026

n8n Sandbox Escape: A Critical Reminder That Patches Need Patches

CVE-2026-25049 (CVSS 9.4) bypasses the fix for CVE-2025-68613 using JavaScript destructuring tricks. Authenticated users can escape n8n expression sandbox and achieve RCE via webhook-triggered workflows. Four additional CVEs disclosed alongside.

CVE-2025-25257

critical

CVSS 9.8

CVE AdvisoryVulnerabilityCVE-2025-25257 CVSS 9.8 •Feb 4, 2026

FortiWeb's Pre-Auth SQL Injection Is Being Exploited Right Now

CVE-2025-25257 is a pre-authentication SQL injection in FortiWeb Fabric Connector that enables remote code execution. Actively exploited in the wild with public PoC available. Affects FortiWeb 7.0.x through 7.6.x. CISA KEV listed.

critical

Threat IntelNation StateGTG-1002 China •Feb 1, 2026

When AI Became the Hacker: Inside the First Autonomous Cyber Espionage Campaign

A Chinese state-sponsored group turned Anthropic's Claude into the hacker itself, building a framework that allowed the AI to independently infiltrate networks, harvest credentials, and steal data. This was the first documented case of AI doing the hacking, not just assisting it.

critical

Threat IntelGeneral•Jan 31, 2026

Weekly Recap: Google Disrupts IPIDEA, Kimwolf Botnet Spreads, React2Shell Exploited, Microsoft Patches 114 Flaws & More

This week's cybersecurity developments demonstrate how quickly attackers are co-opting existing infrastructure. From Google's disruption of the IPIDEA residential proxy network to Microsoft's 114-flaw Patch Tuesday, the patterns show attackers prioritizing persistence over speed.

CVE-2026-24858

critical

CVSS 9.8

CVE AdvisoryVulnerabilityCVE-2026-24858 CVSS 9.8 •Jan 30, 2026

CRITICAL: Fortinet FortiCloud SSO Authentication Bypass - Actively Exploited

A critical authentication bypass vulnerability (CVSS 9.8) in Fortinet FortiOS, FortiManager, FortiAnalyzer, FortiProxy, and FortiWeb allows attackers with a FortiCloud account to access devices registered to other accounts when FortiCloud SSO is enabled. This vulnerability is actively being exploited in the wild.

Is Your Mobile App Secure?

Our CyberOne MobileAssess platform performs deep static analysis, source code decompilation, and runtime security testing for iOS and Android apps. From one-time assessments to year-long continuous testing, we find what surface-level scanners miss.

Learn About Mobile Pen Testing MSP Partner Program

PreviousPage 3 of 3

Stay Informed

Subscribe to our newsletter and get the latest security insights delivered to your inbox.