CVE-2026-21858: Ni8mare Enables Unauthenticated RCE in n8n Webhooks
Research

Executive Summary: CVE-2026-21858 (Ni8mare) is a critical unauthenticated remote code execution vulnerability in n8n, a widely used workflow automation platform. The flaw is caused by content-type confusion in webhook request handling, allowing attackers to forge uploaded files, read arbitrary local files, forge administrator sessions, and ultimately execute commands on the underlying host. The vulnerability affects […]

Research

npm Supply Chain Attack: Shai Hulud Worm Escalates August Nx Compromise

On September 16, 2025, a large-scale npm supply chain attack was discovered, which seems to be linked to the same threat actors behind the August 27 Nx compromise (under ongoing investigation). Dubbed Shai Hulud, this self-propagating worm has infected nearly 40 npm packages, including several from CrowdStrike, by harvesting secrets from CI/CD pipelines and cloud […]
