Currently Browsing:

Research

Amazon Bedrock is AWS’s managed platform for building generative AI applications using foundation models, agents, and Retrieval-Augmented Generation (RAG). It allows organizations to integrate powerful language models directly into their AWS environments, connecting probabilistic AI systems with deterministic cloud services such as IAM, S3, and Lambda. But for cloud security teams, this integration creates a […]

Executive Summary CrackArmor is a group of vulnerabilities affecting the Linux kernel AppArmor security module that allow local attackers to interfere with how AppArmor security profiles are managed and enforced. By abusing weaknesses in policy management and kernel profile parsing logic, an attacker with limited system access may weaken AppArmor protections or escalate privileges to […]

Executive Summary In February 2026, an autonomous bot named hackerbot-claw exploited insecure GitHub Actions configurations across multiple high-profile repositories. The campaign abused unsafe pull_request_target triggers, unsanitized inputs, dynamic shell execution, and overprivileged GITHUB_TOKEN permissions to achieve remote code execution (RCE) in GitHub-hosted runners. Across at least six repositories, the bot successfully executed arbitrary commands, and […]

Executive Summary In a single day, six vulnerabilities were disclosed in n8n, spanning remote code execution, command injection, arbitrary file access, and cross-site scripting. All six issues affect authenticated functionality and repeatedly break isolation between workflows, configuration, and the underlying host. This is not random disclosure noise, it’s a clear signal of systemic security weaknesses […]

Executive Summary CVE-2026-1470 is a critical remote code execution (RCE) vulnerability in the n8n workflow automation platform. The flaw stems from unsafe evaluation of user-supplied workflow expressions, allowing authenticated users to execute arbitrary JavaScript code within the n8n runtime and fully compromise the instance. Exploitation requires low privileges, no user interaction, and impacts all unpatched […]

Executive Summary CVE-2026-21858 (Ni8mare) is a critical unauthenticated remote code execution vulnerability in n8n, a widely used workflow automation platform. The flaw is caused by content-type confusion in webhook request handling, allowing attackers to forge uploaded files, read arbitrary local files, forge administrator sessions, and ultimately execute commands on the underlying host. The vulnerability affects […]

Executive Summary CVE-2026-21877 is a critical remote code execution vulnerability in n8n that allows an authenticated user to execute arbitrary code on the underlying instance. The issue affects n8n versions >= 0.123.0 and < 1.121.3 and is fixed in 1.121.3 and later. In environments where n8n automates workflows with access to internal systems, credentials, and […]

Executive Summary: The Three-Headed Mystery Shai-Hulud 3.0, the sandworm, is back. But is it a new monster, or just the same old worm with a new trick? The security community is currently buzzing about rumors of “Shai-Hulud 3.0.” Reports suggest the sandworm has returned and panic levels are high. But when we look at the […]

Executive Summary CVE-2025-68664 is a critical serialization injection vulnerability in LangChain that affects how data is serialized using dumps() and dumpd(), and later reconstructed using load() and loads(). The issue stems from a failure to properly escape user-controlled dictionaries that contain the reserved lc key. Because this key is used internally by LangChain to represent […]

Executive Summary A critical unauthenticated vulnerability (CVE-2025-14847) has been identified in MongoDB Server, affecting how the database processes zlib-compressed network traffic. Under specific conditions, a remote attacker can trigger MongoDB to return uninitialized heap memory as part of a server response. Because this data originates from process memory, it may contain fragments of previously handled […]