The Hacker News

Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances

Critical n8n flaw CVE-2025-68613 (CVSS 9.9) lets authenticated users run arbitrary code; versions 0.211.0–1.120.4 affected, ...
Cybernews

Vincent AI phishing vulnerability found, 200K+ law firms at risk of credential and data theft

VLex's Vincent AI assistant, used by thousands of law firms worldwide, is vulnerable to AI phishing attacks that can steal ...
InfoWorld

Open source code libraries suffer from vulnerabilities

A recent study found that more than a third of 1,261 open source libraries had a known vulnerability and about a quarter of the downloads were tainted A study of how 31 popular open source code ...
InfoWorld

GitHub rolls out AI-powered fixes for code vulnerabilities

Copilot Autofix, a new addition to the GitHub Advanced Security service, analyzes vulnerabilities in code and offers code suggestions to help developers fix them. GitHub has unveiled Copilot Autofix, ...
Opinion

December Patch Tuesday reveals 54 vulnerabilities

Microsoft is publishing a relatively light 54 new vulnerabilities this Patch Tuesday, which is significantly lower than we have come to expect over the past couple of years. Today’s list includes two ...
CSO Online

HPE OneView vulnerable to remote code execution attack

An unauthenticated user can execute the attack, and there’s no mitigation, just a hotfix that should be applied immediately.