2026-01-09 AI Startup News
WhatsApp Worm Spreads Astaroth Banking Trojan Across Brazil via Contact Auto-Messaging
Cybersecurity researchers have disclosed details of a new campaign that uses WhatsApp as a distribution vector for a Windows banking trojan called Astaroth in attacks targeting Brazil. The campaign has been codenamed Boto Cor-de-Rosa by Acronis Threat Research Unit. “The malware retrieves the victim’s WhatsApp contact list and automatically sends malicious messages to each contact to further spread the infection,” the cybersecurity company said in a report shared with The Hacker News. “While the core Astaroth payload remains written in Delphi and its installer relies on Visual Basic script, the newly added WhatsApp-based worm module is implemented entirely in Python, highlighting the threat actors’ growing use of multi-language modular components.” Astaroth, also called Guildma, is a banking malware that has been detected in the wild since 2015, primarily targeting users in Latin America, particularly Brazil, to facilitate data theft.
In 2024, multiple threat clusters tracked as PINEAPPLE and Water Makara were observed leveraging phishing emails to propagate the malware. The use of WhatsApp as a delivery vehicle for banking trojans is a new tactic that has gained traction among threat actors targeting Brazilian users, a move fueled by the widespread use of the messaging platform in the country. Last month, Trend Micro detailed Water Saci’s reliance on WhatsApp to spread Maverick and a variant of Casbaneiro. Sophos, in a report published in November 2025, said it’s tracking a multi-stage malware distribution campaign codenamed STAC3150 targeting WhatsApp users in Brazil with Astaroth.
More than 95% of the impacted devices were located in Brazil, and, to a lesser extent, in the U.S. and Austria. The activity, active since at least September 24, 2025, delivers ZIP archives containing a downloader script that retrieves a PowerShell or Python script to collect WhatsApp user data for further propagation, along with an MSI installer that deploys the trojan. The latest findings from Acronis are a continuation of this trend, where ZIP files distributed through WhatsApp messages act as a jumping-off point for the malware infection.
“When the victim extracts and opens the archive, they encounter a Visual Basic Script disguised as a benign file,” the cybersecurity company said. “Executing this script triggers the download of the next-stage components and marks the beginning of the compromise.” This includes two modules:
- A Python-based propagation module that gathers the victim’s WhatsApp contacts and automatically forwards a malicious ZIP file to each of them, effectively leading to the spread of the malware in a worm-like manner
- A banking module that operates in the background and continuously monitors a victim’s web browsing activity, and activates when banking-related URLs are visited to harvest credentials and enable financial gain
“The malware author also implemented a built-in mechanism to track and report propagation metrics in real time,” Acronis said. “The code periodically logs statistics such as the number of messages successfully delivered, the number of failed attempts, and the sending rate measured in messages per minute.”
China-Linked UAT-7290 Targets Telecoms with Linux Malware and ORB Nodes
A China-nexus threat actor known as UAT-7290 has been attributed to espionage-focused intrusions against entities in South Asia and Southeastern Europe. The activity cluster, which has been active since at least 2022, primarily focuses on extensive technical reconnaissance of target organizations before initiating attacks, ultimately leading to the deployment of malware families such as RushDrop, DriveSwitch, and SilentRaid, according to a Cisco Talos report published today. “In addition to conducting espionage-focused attacks where UAT-7290 burrows deep inside a victim enterprise’s network infrastructure, their tactics, techniques, and procedures (TTPs) and tooling suggest that this actor also establishes Operational Relay Box (ORBs) nodes,” researchers Asheer Malhotra, Vitor Ventura, and Brandon White said. “The ORB infrastructure may then be used by other China-nexus actors in their malicious operations, signifying UAT-7290’s dual role as an espionage-motivated threat actor as well as an initial access group.” Attacks mounted by the adversary have mainly targeted telecommunications providers in South Asia.
However, recent intrusion waves have branched out to strike organizations in Southeastern Europe. UAT-7290’s tradecraft is as broad as it’s varied, relying on a combination of open-source malware, custom tooling, and payloads for one-day vulnerabilities in popular edge networking products. Some of the notable Windows implants put to use by the threat actor include RedLeaves (aka BUGJUICE) and ShadowPad, both exclusively linked to Chinese hacking groups. That said, the group mainly leverages a Linux-based malware suite comprising:
- RushDrop (aka ChronosRAT), a dropper that initiates the infection chain
- DriveSwitch, a peripheral malware that’s used to execute SilentRaid on the infected system
- SilentRaid (aka MystRodX), a C++-based implant that establishes persistent access to compromised endpoints and employs a plugin-like approach to communicate with an external server, open a remote shell, set up port forwarding, and perform file operations
It’s worth noting that a prior analysis from QiAnXin XLab flagged MystRodX as a variant of ChronosRAT, a modular ELF binary that’s capable of shellcode execution, file management, keylogging, port forwarding, remote shell, screenshot capture, and proxy.
Palo Alto Networks Unit 42 is tracking the associated threat cluster under the moniker CL-STA-0969. Also deployed by UAT-7290 is a backdoor called Bulbature that’s engineered to transform a compromised edge device into an ORB. It was first documented by Sekoia in October 2024. The cybersecurity company said the threat actor shares tactical and infrastructure overlaps with China-linked adversaries known as Stone Panda and RedFoxtrot (aka Nomad Panda).
“The threat actor conducts extensive reconnaissance of target organizations before carrying out intrusions. UAT-7290 leverages one-day exploits and target-specific SSH brute force to compromise public-facing edge devices to gain initial access and escalate privileges on compromised systems,” the researchers said. “The actor appears to rely on publicly available proof-of-concept exploit code as opposed to developing their own.”
ThreatsDay Bulletin: RustFS Flaw, Iranian Ops, WebUI RCE, Cloud Leaks, and 12 More Stories
The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere. This week’s stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in. Read on to catch up before the next wave hits.
Honeypot Traps Hackers: Hackers Fall for Resecurity’s Honeypot
Cybersecurity company Resecurity revealed that it deliberately lured threat actors who claimed to be associated with Scattered LAPSUS$ Hunters (SLH) into a trap, after the group claimed on Telegram that it had hacked the company and stolen internal and client data. The company said it set up a honeytrap account populated with fake data designed to resemble real-world business data and planted a fake account on an underground marketplace for compromised credentials after it uncovered a threat actor attempting to conduct malicious activity targeting its resources in November 2025 by probing various publicly facing services and applications. The threat actor is also said to have targeted one of its employees who had no sensitive data or privileged access. “This led to a successful login by the threat actor to one of the emulated applications containing synthetic data,” it said.
“While the successful login could have enabled the actor to gain unauthorized access and commit a crime, it also provided us with strong proof of their activity. Between December 12 and December 24, the threat actor made over 188,000 requests attempting to dump synthetic data.” As of January 4, 2025, the group removed the post announcing the hack from their Telegram channel. Resecurity said the exercise also allowed them to identify the threat actor and link one of their active Gmail accounts to a U.S.-based phone number and a Yahoo account. Regardless of the setback, new findings from CYFIRMA indicate that the loose-knit collective has resurfaced with scaled-up recruitment activity, seeking initial access brokers, insider collaborators, and corporate credentials.
“Chatroom discussions repeatedly reference legacy threat brands such as LizardSquad, though these mentions remain unverified and are likely part of an intimidation or reputation-inflation strategy rather than proof of a formal alliance,” it said.
Crypto Miner via GeoServer: Exploitation of GeoServer Flaw
Threat actors are exploiting a known flaw in GeoServer, CVE-2024-36401, to distribute an XMRig cryptocurrency miner by means of PowerShell commands. “Additionally, the same threat actor is also distributing a coin miner to WebLogic servers,” AhnLab said. “It appears that they are installing CoinMiner when they scan the systems exposed to the outside world and find vulnerable services.” Two other threat actors have also benefited from abusing the flaw to deliver the miner, AnyDesk for remote access, and a custom-made downloader malware dubbed “systemd” from an external server whose exact function remains unknown.
“Threat actors are targeting environments where GeoServer is installed and are installing various coin miners,” the company said. “The threat actor can then use NetCat, which is installed together with the coin miner, to install other malware or steal information from the system.”
KEV Catalog Expansion: CISA Added 245 Flaws to KEV Catalog in 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 245 vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog in 2025, as the database grew to 1,484 software and hardware flaws at high risk of cyber attacks – an increase of about 20% from the previous year. In comparison, 187 vulnerabilities were added in 2023 and 185 in 2024.
Of the 245 flaws, 24 were exploited by ransomware groups. Microsoft, Apple, Cisco, Fortinet, Google Chromium, Ivanti, Linux Kernel, Citrix, D-Link, Oracle, and SonicWall accounted for 105 of the total vulnerabilities added to the catalog. According to Cyble, the oldest vulnerability added to the KEV catalog in 2025 was CVE-2007-0671, a Microsoft Office Excel Remote Code Execution vulnerability. The oldest vulnerability in the catalog is CVE-2002-0367, a privilege escalation vulnerability in the Windows NT and Windows 2000 “smss.exe” debugging subsystem that has been known to be used in ransomware attacks.
AI Logs Dispute Deepens: OpenAI Ordered to Turn Over 20M ChatGPT Logs in Ongoing Copyright Suit
OpenAI has been ordered to turn over 20 million anonymized ChatGPT logs in a consolidated AI copyright case in the U.S. after it failed to convince a federal judge to dismiss a magistrate judge’s order, which the company said insufficiently weighed privacy concerns. The high-profile lawsuit, which has major news publishers like the New York Times and Chicago Tribune as plaintiffs, is centred around the core argument that the data that powers ChatGPT has included millions of copyrighted works from the news organizations without consent or payment. OpenAI has insisted that AI training is fair use, adding “the data we are making accessible to comply with this order has undergone a de-identification process intended to remove or mask PII and other private information, and is being provided under tight access controls designed to prevent the Times from copying and printing data that isn’t directly relevant to this case.” The news plaintiffs have also alleged that OpenAI destroyed “relevant output log data” by failing to temporarily cease its deletion practices as soon as litigation started in an apparent effort to dodge copyright claims.
Taiwan Faces Surge Attacks: China Intensifies Cyber Attacks on Taiwan
The National Security Bureau in Taiwan said that China’s attacks on the country’s energy sector increased tenfold in 2025 compared to the previous year. Attackers targeted critical infrastructure in nine key sectors, and the total number of cyber incidents linked to China grew by 6%. The NSB recorded a total of 960,620,609 cyber intrusion attempts targeting Taiwan’s critical infrastructure, allegedly coming from China’s cyber army in 2025. “On average, China’s cyber army launched 2.63 million intrusion attempts per day targeting Taiwan’s CI across nine primary sectors, namely administration and agencies, energy, communications and transmission, transportation, emergency rescue and hospitals, water resources, finance, science parks and industrial parks, as well as food,” the NSB said.
The energy and emergency rescue/hospitals sectors experienced the most significant year-on-year surge in cyber attacks from Chinese threat actors. The attacks have been attributed to five Chinese hacking groups, namely BlackTech (Canary Typhoon, Circuit Panda, and Earth Hundu), Flax Typhoon (aka Ethereal Panda and Storm-0919), HoneyMyte (aka Bronze President, Mustang Panda, and Twill Typhoon), APT41 (aka Brass Typhoon, Bronze Atlas, Double Dragon, Leopard Typhoon, and Wicked Panda), and UNC3886, which are said to have probed network equipment and industrial control systems of Taiwan’s energy companies to plant malware. “China has fully integrated military, intelligence, industrial, and technological capabilities across both public and private sectors to enhance the depth of intrusion and operational stealth of its external cyberattacks through a wide range of cyberattack tactics and techniques,” NSB said. China’s cyber army is also said to have exploited vulnerabilities in the websites and systems of major hospitals in Taiwan to drop ransomware and conduct adversary-in-the-middle (AitM) attacks against communications companies to steal sensitive data.
Exchange Limit Canceled: Microsoft Cancels Plans for Mailbox External Recipient Rate Limit
Microsoft said it’s indefinitely canceling earlier plans to enforce a Mailbox External Recipient Rate Limit in Exchange Online to combat abuse and prevent misuse of the service for bulk spam and other malicious email activity. “The Recipient Rate Limit and the Tenant-level External Recipient Rate Limit mentioned in Exchange Online limits remain unchanged by this announcement,” the company said. The tech giant first announced the limit in April 2024, stating it would begin enforcing an external recipient rate limit of 2,000 recipients in 24 hours, effective April 2026.
Stalkerware Founder Guilty: pcTattletale Operator Pleads Guilty
Bryan Fleming, the founder of pcTattletale, pleaded guilty to operating stalkerware from his home in the U.S. state of Michigan. In May 2024, the U.S.-based spyware company said it was “out of business and completely done” after an unknown hacker defaced its website and posted gigabytes of data to its homepage. The app, which covertly captured screenshots of hotel booking systems, suffered from a security flaw that allowed the screenshots to be available to anyone on the internet. The breach affected more than 138,000 users who had registered for the service.
The U.S. Homeland Security Investigations (HSI) said it began investigating pcTattletale in June 2021 for “surreptitiously spying on spouses and partners.” While the tool was ostensibly marketed as a parental control and employee monitoring software, pcTattletale also promoted its ability to snoop on spouses and domestic partners by tracking every click and screen tap. Fleming even had a YouTube channel to promote the spyware. He is expected to be sentenced later this year.
The development marks a rare instance of criminal prosecution for purveyors of stalkerware, who often operate out in the open with impunity. The previous spyware conviction in the U.S. occurred in 2014 when a Danish citizen, Hammad Akbar, pleaded guilty to operating the StealthGenie spyware.
Hardcoded Token Risk: Critical Flaw in RustFS
A critical security vulnerability has been disclosed in RustFS that stems from implementing gRPC authentication using a hard-coded static token that’s publicly exposed in the source code repository, hard-coded on both client and server sides, non-configurable with no mechanism for token rotation, and universally valid across all RustFS deployments.
“Any attacker with network access to the gRPC port can authenticate using this publicly known token and execute privileged operations, including data destruction, policy manipulation, and cluster configuration changes,” RustFS said. The vulnerability, which does not have a CVE identifier, carries a CVSS score of 9.8. It affects versions alpha.13 through alpha.77, and has been patched in 1.0.0-alpha.78 released on December 30, 2025.
Malware via pkr_mtsi: pkr_mtsi Packer Used to Deliver Malware
A Windows packer and loader named pkr_mtsi has been put to use in large-scale malvertising and SEO-poisoning campaigns to distribute trojanized installers for legitimate software such as PuTTY, Rufus, and Microsoft Teams, enabling initial access and flexible delivery of follow-on payloads.
It’s available in both executable (EXE) and dynamic-link library (DLL) forms. “In observed campaigns, pkr_mtsi has been used to deliver a diverse set of malware families, including Oyster, Vidar Stealer, Vanguard Stealer, Supper, and more, underscoring its role as a general-purpose loader rather than a single-payload wrapper,” ReversingLabs said. First observed in April 2025, the packer has witnessed a steady evolutionary trajectory in the intervening months, adding increasingly sophisticated obfuscation layers, anti-analysis and anti-debugging techniques, and evasive API resolution strategies.
Open WebUI RCE Risk: Security Flaw in Open WebUI
A high-severity security flaw has been disclosed in Open WebUI in versions 0.6.34 and older (CVE-2025-64496, CVSS score: 7.3) that affects the Direct Connections feature, which lets users connect to external AI model servers (e.g., OpenAI’s API).
“If a threat actor tricks a user into connecting to a malicious server, it can lead to an account takeover attack,” Cato Networks said. “If the user also has workspace.tools permission enabled, it can lead to remote code execution (RCE). Which means that a threat actor can control the system running Open WebUI.” The issue was addressed in version 0.6.35 released on November 7, 2025. The attack requires the victim to enable Direct Connections (disabled by default) and add the attacker’s malicious model URL.
At its core, the flaw stems from a trust failure between untrusted model servers and the user’s browser session. A hostile server can send a crafted server-sent events message that triggers the execution of JavaScript code in the browser. This allows an attacker to steal authentication tokens stored in localStorage. Once obtained, those tokens grant full access to the victim’s Open WebUI account.
Chats, uploaded documents and API keys can all be exposed.
Iranian Group Evolves: MuddyWater’s New Tactics Exposed
The Iranian nation-state group known as MuddyWater has been conducting phishing attacks designed to deliver known backdoors such as Phoenix and UDPGangster through executable files disguised as PDFs and DOC files with macro code. Both the implants come fitted with command execution and file upload/download capabilities. “It is worth noting that MuddyWater has gradually reduced the use of ready-made remote control programs such as RMM, and instead developed and deployed a variety of dedicated backdoors to implement penetration for specific targets,” the 360 Threat Intelligence Center said.
“The disguised content of the sample is Israeli, Azerbaijani, and English, and the sample is also uploaded by Israel, Azerbaijan, and other regions, which is in line with the attack target of the MuddyWater organization.”
ownCloud MFA Alert: ownCloud Urges Customers to Enable MFA
File-sharing platform ownCloud has warned users to enable multi-factor authentication (MFA) to block malicious attempts that use compromised credentials to steal their data. The alert comes in the wake of a report from Hudson Rock, which flagged a threat actor named Zestix (aka Sentap) for auctioning data exfiltrated from the corporate file-sharing portals of about 50 major global enterprises. “Contrary to attacks involving sophisticated cookie hijacking or session bypasses, the Zestix campaign highlights a far more pedestrian – yet equally devastating – oversight: The absence of Multi-Factor Authentication (2FA),” Hudson Rock said. The attacks follow a well-oiled workflow: An employee inadvertently downloads a malicious file that leads to the deployment of information-stealing malware.
Once the stolen information is made available for sale on darknet forums, the threat actor uses the valid usernames and passwords extracted from the stealer logs to sign into popular cloud file sharing services ShareFile, Nextcloud, and ownCloud by taking advantage of the missing MFA protections. Zestix is believed to have been active in Russian-language closed forums since late 2024, primarily motivated by financial gain by selling access in exchange for Bitcoin payments. Assessed to be of Iranian origin, the initial access broker has demonstrated ties with a ransomware group named FunkSec.
Cross-Platform RAT Analysis: GravityRAT Detailed
ANY.RUN has published a technical rundown of a sophisticated remote access trojan called GravityRAT that has been actively targeting organizations and government entities since 2016.
A multi-platform malware, it’s equipped to harvest sensitive data, including WhatsApp backups on Android devices, and boasts a wide range of anti-analysis features, including checking BIOS versions, searching for hypervisor artifacts, counting CPU cores, and querying CPU temperature through Windows Management Instrumentation (WMI). “This temperature check is particularly effective because most hypervisors, including Hyper-V, VMware Fusion, VirtualBox, KVM, and Xen, do not support temperature monitoring, causing them to return error messages that immediately reveal the presence of a virtual environment,” ANY.RUN said. The use of GravityRAT is primarily attributed to a Pakistan-origin threat actor tracked as Transparent Tribe. On Windows, it’s often spread via spear-phishing emails containing malicious Office documents with macros or exploits.
On Android, it masquerades as a messaging platform and is distributed via third-party sites or social engineering. “The RAT operates through a multi-stage infection and command-and-control architecture,” ANY.RUN added. “GravityRAT implements a modular architecture where different components handle specific functions.”
Scam Empire Kingpin Caught: Alleged Scam Empire Mastermind Extradited to China
Cambodian authorities have arrested and extradited Chen Zhi, the alleged mastermind behind one of Asia’s largest transnational scam networks, to China. Chen, 38, is the founder and chairman of Prince Group.
He was among the three Chinese nationals arrested on January 6, 2026. His Cambodian nationality was “revoked by a Royal Decree” last month. In October 2025, the U.S. Department of Justice (DoJ) unsealed an indictment against Prince Group and Chen (in absentia) for operating illegal forced-labor scam compounds across Southeast Asia to conduct cryptocurrency fraud schemes, also known as romance baiting or pig butchering.
Scamsters in such incidents begin by establishing fake relationships with unsuspecting users before coaxing them into investing their funds in bogus cryptocurrency platforms. The industrial scale of the operation notwithstanding, those conducting the scams are often trafficked foreign nationals, who are trapped and coerced to carry out online fraud under threat of torture. The U.K. and U.S. governments have also sanctioned Prince Group, designating it as a transnational criminal organization. In a statement in November 2025, Prince Group said it “categorically rejects” the accusations. China’s Ministry of Public Security described Chen’s arrest as “another great achievement under China-Cambodia law enforcement cooperation.” Mao Ning, a spokesperson for China’s Ministry of Foreign Affairs, said “for quite some time, China has been actively working with countries, including Cambodia, to crack down on crimes of online gambling and telecom fraud with notable outcomes.” Beijing has also worked with Thailand and Myanmar to release thousands of people from scam compounds. Despite ongoing crackdowns, the United Nations Office on Drugs and Crime (UNODC) has said the criminal networks that run the scam hubs are evolving at an unprecedented scale.
Scam victims worldwide lost between $18 billion and $37 billion in 2023, according to UNODC estimates.
Phishing Kits Double: Evolution of Phishing Kits in 2025
The number of phishing-as-a-service (PhaaS) toolkits doubled during 2025, with 90% of high-volume phishing campaigns leveraging such tools in 2025, according to an analysis by Barracuda. Some of the notable PhaaS players were Sneaky 2FA, CoGUI, Cephas, Whisper 2FA, and GhostFrame. These kits incorporate advanced anti-analysis measures, MFA bypass, and stealth deployment that make them harder to detect using traditional measures.
The main advantage of PhaaS kits is that they lower the barrier to entry, enabling even attackers with little technical expertise to mount large-scale, targeted phishing campaigns with minimal effort. The most common phishing themes observed during the year were fake payment, financial, legal, digital signature, and HR-related messages designed to deceive users into clicking on a link, scanning a QR code, or opening an attachment. Among the novel techniques used by phishing kits are obfuscations to hide URLs from detection and inspection, CAPTCHA for added authenticity, malicious QR codes, abuse of trusted, legitimate online platforms, and ClickFix, among others.
Zed IDE RCE Flaws: Vulnerabilities in Zed IDE
Two high-severity security flaws have been disclosed in Zed IDE that expose users to arbitrary code execution when loading or interacting with a maliciously crafted source code repository.
“Zed automatically loaded MCP [Model Context Protocol] settings from the workspace without requiring user confirmation,” Mindguard said about CVE-2025-68433 (CVSS score: 7.8). “A malicious project could use this to define MCP tools that execute arbitrary code on the developer’s system without explicit permission.” The second vulnerability (CVE-2025-68432, CVSS score: 7.8) has to do with the IDE implicitly trusting project-supplied Language Server Protocol (LSP) configurations, potentially opening the door to arbitrary command execution when a user opens any source code file in the repository. Following responsible disclosure on November 14, 2025, Zed released version 0.218.2-pre to address the issues last month.
That’s the wrap for this week. These stories show how fast things can change and how small risks can grow big if ignored. Keep your systems updated, watch for the quiet stuff, and don’t trust what looks normal too quickly. Next Thursday, ThreatsDay will be back with more short takes from the week’s biggest moves in hacking and security.
The State of Trusted Open Source
Chainguard, the trusted source for open source, has a unique view into how modern organizations actually consume open source software and where they run into risk and operational burdens. Across a growing customer base and an extensive catalog of over 1800 container image projects, 148,000 versions, 290,000 images, and 100,000 language libraries, and almost half a billion builds, they can see what teams pull, deploy, and maintain day-to-day, along with the vulnerabilities and remediation realities that come hand in hand. That’s why they created The State of Trusted Open Source, a quarterly pulse on the open source software supply chain. As they analyzed anonymized product usage and CVE data, the Chainguard team noticed common themes around what open source engineering teams are actually building with and the risks associated.
Here’s what they found:
- AI is reshaping the baseline stack: Python led the way as the most popular open source image among Chainguard’s global customer base, powering the modern AI stack.
- Over half of production happens outside of the most popular projects: Most teams may standardize on a familiar set of images, but real-world infrastructure is powered by a broad portfolio that extends far beyond the top 20 most popular, which they refer to in this report as longtail images.
- Popularity doesn’t map to risk: 98% of the vulnerabilities found and remediated in Chainguard images occurred outside of the top 20 most popular projects. That means the biggest security burden accumulates in the less-visible part of the stack, where patching is hardest to operationalize.
- Compliance can be the catalyst for action: Compliance takes many forms today: from SBOM and vulnerability requirements to industry frameworks like PCI DSS, SOC 2, and regulations like the EU’s Cyber Resilience Act. FIPS is just one example, focused specifically on U.S. federal encryption standards. Even so, 44% of Chainguard customers run a FIPS image in production, underscoring how frequently regulatory needs shape real-world software decisions.
- Trust is built on remediation speed: Chainguard eliminated Critical CVEs, on average, in under 20 hours.
Before we dive in, a note on the methodology: This report analyzes 1800+ unique container image projects, 10,100 total vulnerability instances, and 154 unique CVEs tracked from September 1, 2025, through November 30, 2025. When we use terms like “top 20 projects” and “longtail projects” (as defined by images outside of the top 20), we’re referring to real usage patterns observed across Chainguard’s customer portfolio and in production pulls.
Usage: What teams actually run in production
If you zoom out, today’s production container footprint looks exactly like you’d expect: foundational languages, runtimes, and infrastructure components dominate the most popular list.
Most popular images: AI is reshaping the baseline stack
Across all regions, the top images are familiar staples: Python (71.7% of customers), Node (56.5%), nginx (40.1%), go (33.5%), redis (31.4%), followed by JDK, JRE, and a cluster of core observability and platform tooling like Grafana, Prometheus, Istio, cert-manager, argocd, ingress-nginx, and kube-state-metrics. This indicates that customers operate a portfolio of critical building blocks – including languages, gateways, service mesh, monitoring, and controllers – that collectively form the foundation of their business. It’s not surprising to see Python leading the way globally, as the default glue language for the modern AI stack. Teams typically standardize on Python for model development, data pipelines, and increasingly for production inference services as well.
Most popular by region: Similar foundations, different longtail mix
North America shows a broad and consistent set of default production building blocks: Python (71.7% of customers), Node (56.6%), nginx (39.8%), go (31.9%), redis (31.5%), plus strong penetration of Kubernetes ecosystem components (cert-manager, istio, argocd, prometheus, kube-state-metrics, node-exporter, kubectl). Notably, even utility images like busybox show up meaningfully. Outside North America, the same core stack appears, but the portfolio spreads differently: Python (72% of customers), Node (55.8%), Go (44.2%), nginx (41.9%), and a noticeable presence of .NET runtimes (aspnet-runtime, dotnet-runtime, dotnet-sdk) and PostgreSQL.
The longtail of images is crucial to production, not edge cases
Chainguard’s most popular images represent only 1.37% of all available images and account for roughly half of all container pulls.
The other half of production usage comes from everywhere else: 1,436 longtail images that make up 61.42% of the average customer’s container portfolio. In other words, half of all production workloads run on longtail images. These aren’t edge cases. They’re core to Chainguard’s customers’ infrastructure.
It’s relatively straightforward to keep the top handful of images polished, but what trusted open source requires is maintaining that security and velocity across the breadth of what customers actually run.
FIPS usage: Compliance is a catalyst for action
FIPS encryption is an essential technology in the compliance landscape, focused on satisfying U.S. federal encryption requirements. And it offers a useful window into how regulatory pressure drives adoption.
In the data, 44% of customers run at least one FIPS image in production. The pattern is consistent: when working within compliance frameworks like FedRAMP, DoD IL-5, PCI DSS, SOC 2, CRA, Essential Eight or HIPAA, teams need hardened, trusted open source software that mirrors their commercial workloads. The most used FIPS images align with the broader portfolio, simply with cryptographic modules strengthened for audit and verification. Top FIPS image projects include Python-fips (62% of customers with at least one FIPS image in production), Node-fips (50%), nginx-fips (47.2%), go-fips (33.8%), redis-fips (33.1%), plus platform components like istio-pilot-fips, istio-proxy-fips, and cert-manager variants.
Even supporting libraries and crypto foundations show up, such as glibc-openssl-fips. FIPS is not the whole story, but it illustrates a broader truth: compliance is a universal driver, emphasizing the need for trusted open source across the entire software stack.
CVEs: Popularity doesn’t map to risk
When looking across Chainguard’s catalog of images, risk is overwhelmingly concentrated outside of the most popular images. Of the CVEs Chainguard remediated in the past three months, 214 occurred in the top 20 images, accounting for only 2% of the total CVEs.
Go beyond those top images, and you’ll find the other 98% of CVEs Chainguard remediated (10,785 CVE instances). That’s 50 times the number of CVEs in the top 20 images! The largest volume of CVEs are categorized as Medium, but operational urgency often stems from how quickly Critical and High CVEs are addressed, and whether customers can rely on that speed across their entire portfolio, not just the most common images.
Trust is built on remediation speed
For us, trust is measured in time-to-fix, and Chainguard knows this is most important when it comes to Critical CVEs.
During the three-month period analyzed, Chainguard’s team achieved a less than 20-hour average remediation time for Critical CVEs, with 63.5% of Critical CVEs being resolved within 24 hours, 97.6% within two days, and 100% within three days. In addition to Critical CVE remediation, the team addressed High CVEs in 2.05 days, Medium CVEs in 2.5 days, and Low CVEs in 3.05 days, notably faster than Chainguard’s SLAs (seven days for Critical CVEs and 14 days for high, medium, and low CVEs). And this speed isn’t confined to the most popular packages. For every single CVE remediated in a top 20 image project, they resolved 50 CVEs in less-popular images.
That longtail is where most of your real exposure hides and it can feel hopeless trying to keep up. Most engineering organizations simply can’t allocate resources to patch vulnerabilities in packages that fall outside their core stack, but the data makes it clear that you have to secure the “quiet majority” of your software supply chain with the same rigor as your most critical workloads.
A new baseline for trusted open source
Across the data, one takeaway stands out: modern software is powered by a wide, shifting portfolio of open source components, most of which live outside the top 20 most popular images. That’s not where developers spend their time, but it’s where the bulk of security and compliance risk accumulates.
This creates a concerning disconnect: it’s rational for engineering teams to focus on the small set of projects that matter most to their stack, but the majority of exposure sits in the vast set of dependencies they don’t have the time to manage. That’s why breadth matters. Chainguard is built to absorb the operational burden of the longtail, providing coverage and remediation at a scale that individual teams can’t justify on their own. As open source supply chains grow more complex, Chainguard will continue to track usage patterns and shine a light on where risk truly resides, so you don’t have to fight the battle against the longtail alone.
Ready to get started with the trusted source for open source? Contact Chainguard to learn more. Note: This article was expertly written and contributed by Ed Sawma, VP Product Marketing, Sasha Itkis, Product Analyst.
This article is a contributed piece from one of our valued partners.
Cisco Patches ISE Security Vulnerability After Public PoC Exploit Release
Cisco has released updates to address a medium-severity security flaw in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) with a public proof-of-concept (PoC) exploit. The vulnerability, tracked as CVE-2026-20029 (CVSS score: 4.9), resides in the licensing feature and could allow an authenticated, remote attacker with administrative privileges to gain access to sensitive information. “This vulnerability is due to improper parsing of XML that is processed by the web-based management interface of Cisco ISE and Cisco ISE-PIC,” Cisco said in a Wednesday advisory. “An attacker could exploit this vulnerability by uploading a malicious file to the application.” Successful exploitation of the shortcoming could allow an attacker with valid administrative credentials to read arbitrary files from the underlying operating system, which the company said should be off-limits even to administrators.
Bobby Gould of Trend Micro Zero Day Initiative has been credited with discovering and reporting the flaw. It affects the following versions:
- Cisco ISE or ISE-PIC Release earlier than 3.2: Migrate to a fixed release
- Cisco ISE or ISE-PIC Release 3.2: 3.2 Patch 8
- Cisco ISE or ISE-PIC Release 3.3: 3.3 Patch 8
- Cisco ISE or ISE-PIC Release 3.4: 3.4 Patch 4
- Cisco ISE or ISE-PIC Release 3.5: Not vulnerable
Cisco said there are no workarounds to address the flaw, adding it’s aware of the availability of PoC exploit code. There are no indications that it has been exploited in the wild. In tandem, the networking equipment company also shipped fixes for two other medium-severity bugs stemming from the processing of Distributed Computing Environment Remote Procedure Call (DCE/RPC) requests that could allow an unauthenticated, remote attacker to cause the Snort 3 Detection Engine to leak sensitive information or to restart, impacting availability.
Trend Micro researcher Guy Lederfein has been acknowledged for reporting the flaws. The details of the issues are as follows:
- CVE-2026-20026 (CVSS score: 5.8) - Snort 3 DCE/RPC denial-of-service vulnerability
- CVE-2026-20027 (CVSS score: 5.3) - Snort 3 DCE/RPC information disclosure vulnerability
They affect a number of Cisco products:
- Cisco Secure Firewall Threat Defense (FTD) Software, if Snort 3 was configured
- Cisco IOS XE Software
- Cisco Meraki software
With vulnerabilities in Cisco products frequently targeted by bad actors, it’s crucial that users update to the latest version for adequate protection.
Traditional Firewalls Are Obsolete in the AI Era
Researchers Uncover NodeCordRAT Hidden in npm Bitcoin-Themed Packages
Cybersecurity researchers have discovered three malicious npm packages that are designed to deliver a previously undocumented malware called NodeCordRAT. The names of the packages, all of which were taken down as of November 2025, are listed below. They were uploaded by a user named “wenmoonx.”
- bitcoin-main-lib (2,300 Downloads)
- bitcoin-lib-js (193 Downloads)
- bip40 (970 Downloads)
“The bitcoin-main-lib and bitcoin-lib-js packages execute a postinstall.cjs script during installation, which installs bip40, the package that contains the malicious payload,” Zscaler ThreatLabz researchers Satyam Singh and Lakhan Parashar said. “This final payload, named NodeCordRAT by ThreatLabz, is a remote access trojan (RAT) with data-stealing capabilities.” NodeCordRAT gets its name from the use of npm as a propagation vector and Discord servers for command-and-control (C2) communications.
The malware is equipped to steal Google Chrome credentials, API tokens, and seed phrases from cryptocurrency wallets like MetaMask. According to the cybersecurity company, the threat actor behind the campaign is assessed to have named the packages after real repositories found within the legitimate bitcoinjs project, such as bitcoinjs-lib, bip32, and bip38. Both “bitcoin-main-lib” and “bitcoin-lib-js” include a “package.json” file that features “postinstall.cjs” as a postinstall script, leading to the execution of “bip40” that contains the NodeCordRAT payload. The malware, besides fingerprinting the infected host to generate a unique identifier across Windows, Linux, and macOS systems, leverages a hard-coded Discord server to open a covert communication channel to receive instructions and execute them:
- !run, to execute arbitrary shell commands using Node.js’ exec function
- !screenshot, to take a full desktop screenshot and exfiltrate the PNG file to the Discord channel
- !sendfile, to upload a specified file to the Discord channel
“This data is exfiltrated using Discord’s API with a hardcoded token and sent to a private channel,” Zscaler said. “The stolen files are uploaded as message attachments via Discord’s REST endpoint /channels/{id}/messages.”
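The install chain above depends on npm running a postinstall hook automatically, so a lockfile audit can surface it before anything executes. The following is an added example, not code from Zscaler or from the article: it walks a parsed package-lock.json (lockfileVersion 2 or 3) and flags the three package names reported here plus any entry marked `hasInstallScript`. The sample lockfile, manifest, versions and the `node postinstall.cjs` command string are constructed for illustration.

```javascript
// Package names this page reports as installing or carrying NodeCordRAT.
const REPORTED_PACKAGES = new Set(['bitcoin-main-lib', 'bitcoin-lib-js', 'bip40']);

// Lifecycle hooks npm runs automatically while installing a dependency.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"; "" (root project) -> null
function packageNameFromLockPath(lockPath) {
  const marker = 'node_modules/';
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

// Walk the "packages" map of a parsed package-lock.json (lockfileVersion 2 or 3).
function auditLockfile(lock) {
  const findings = [];
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    const name = packageNameFromLockPath(lockPath);
    if (name === null) continue; // skip the root project entry
    const reasons = [];
    if (REPORTED_PACKAGES.has(name)) reasons.push('reported-malicious-name');
    if (entry.hasInstallScript === true) reasons.push('has-install-script');
    if (reasons.length > 0) findings.push({ name, path: lockPath, reasons });
  }
  return findings.sort((a, b) => (a.path < b.path ? -1 : a.path > b.path ? 1 : 0));
}

// List the install-time hooks a single package.json declares.
function installHooks(manifest) {
  const scripts = manifest.scripts || {};
  return INSTALL_HOOKS
    .filter((hook) => typeof scripts[hook] === 'string' && scripts[hook].trim() !== '')
    .map((hook) => ({ hook, command: scripts[hook] }));
}

// Constructed sample data: versions and the unrelated packages are made up.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0' },
    'node_modules/express': { version: '0.0.0-sample' },
    'node_modules/esbuild': { version: '0.0.0-sample', hasInstallScript: true },
    'node_modules/bitcoin-main-lib': { version: '0.0.0-sample', hasInstallScript: true },
    'node_modules/bitcoin-main-lib/node_modules/bip40': { version: '0.0.0-sample' },
  },
};
const SAMPLE_MANIFEST = {
  name: 'bitcoin-main-lib',
  scripts: { test: 'node test.js', postinstall: 'node postinstall.cjs' },
};

for (const finding of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${finding.path}: ${finding.reasons.join(', ')}`);
}
console.log(installHooks(SAMPLE_MANIFEST));
```

A `has-install-script` hit on its own is a prompt for review rather than a verdict (the constructed esbuild entry stands in for a legitimate package with an install step); installing with `npm ci --ignore-scripts` keeps such hooks from running while the findings are triaged.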
Coolify Discloses 11 Critical Flaws Enabling Full Server Compromise on Self-Hosted Instances
Cybersecurity researchers have disclosed details of multiple critical-severity security flaws affecting Coolify, an open-source, self-hosting platform, that could result in authentication bypass and remote code execution. The list of vulnerabilities is as follows:
- CVE-2025-66209 (CVSS score: 10.0) - A command injection vulnerability in the database backup functionality allows any authenticated user with database backup permissions to execute arbitrary commands on the host server, resulting in container escape and full server compromise
- CVE-2025-66210 (CVSS score: 10.0) - An authenticated command injection vulnerability in the database import functionality allows attackers to execute arbitrary commands on managed servers, leading to full infrastructure compromise
- CVE-2025-66211 (CVSS score: 10.0) - A command injection vulnerability in the PostgreSQL init script management allows authenticated users with database permissions to execute arbitrary commands as root on the server
- CVE-2025-66212 (CVSS score: 10.0) - An authenticated command injection vulnerability in the Dynamic Proxy Configuration functionality allows users with server management permissions to execute arbitrary commands as root on managed servers
- CVE-2025-66213 (CVSS score: 10.0) - An authenticated command injection vulnerability in the File Storage Directory Mount functionality allows users with application/service management permissions to execute arbitrary commands as root on managed servers
- CVE-2025-64419 (CVSS score: 9.7) - A command injection vulnerability via docker-compose.yaml that enables attackers to execute arbitrary system commands as root on the Coolify instance
- CVE-2025-64420 (CVSS score: 10.0) - An information disclosure vulnerability that allows low-privileged users to view the private key of the root user on the Coolify instance, allowing them to gain unauthorized access to the server via SSH and authenticate as the root user using the key
- CVE-2025-64424 (CVSS score: 9.4) - A command injection vulnerability was found in the git source input fields of a resource, allowing a low-privileged user (member) to execute system commands as root on the Coolify instance
- CVE-2025-59156 (CVSS score: 9.4) - An operating system command injection vulnerability that allows a low-privileged user to inject arbitrary Docker Compose directives and achieve root-level command execution on the underlying host
- CVE-2025-59157 (CVSS score: 10.0) - An operating system command injection vulnerability that allows a regular user to inject arbitrary shell commands that execute on the underlying server by using the Git Repository field during deployment
- CVE-2025-59158 (CVSS score: 9.4) - An improper encoding or escaping of the data that allows an authenticated user with low privileges to conduct a stored cross-site scripting (XSS) attack during project creation that’s automatically executed in the browser context when an administrator later attempts to delete the project or its associated resource
The following versions are impacted by the shortcomings:
- CVE-2025-66209, CVE-2025-66210, CVE-2025-66211: <= 4.0.0-beta.448 (Fixed in >= 4.0.0-beta.451)
- CVE-2025-66212, CVE-2025-66213: <= 4.0.0-beta.450 (Fixed in >= 4.0.0-beta.451)
- CVE-2025-64419: < 4.0.0-beta.436 (Fixed in >= 4.0.0-beta.445)
- CVE-2025-64420, CVE-2025-64424: <= 4.0.0-beta.434 (Fix status unclear)
- CVE-2025-59156, CVE-2025-59157, CVE-2025-59158: <= 4.0.0-beta.420.6 (Fixed in 4.0.0-beta.420.7)
According to data from attack surface management platform Censys, there are about 52,890 exposed Coolify hosts as of January 8, 2026, with most of them located in Germany (15,000), the U.S. (9,800), France (8,000), Brazil (4,200), and Finland (3,400). While there are no indications that any of the flaws have been exploited in the wild, it’s essential that users move quickly to apply the fixes as soon as possible in light of their severity.
OpenAI Launches ChatGPT Health with Isolated, Encrypted Health Data Controls
Artificial intelligence (AI) company OpenAI on Wednesday announced the launch of ChatGPT Health, a dedicated space that allows users to have conversations with the chatbot about their health. To that end, the sandboxed experience offers users the optional ability to securely connect medical records and wellness apps, including Apple Health, Function, MyFitnessPal, Weight Watchers, AllTrails, Instacart, and Peloton, to get tailored responses, lab test insights, nutrition advice, personalized meal ideas, and suggested workout classes. The new feature is rolling out for users with ChatGPT Free, Go, Plus, and Pro plans outside of the European Economic Area, Switzerland, and the U.K. “ChatGPT Health builds on the strong privacy, security, and data controls across ChatGPT with additional, layered protections designed specifically for health – including purpose-built encryption and isolation to keep health conversations protected and compartmentalized,” OpenAI said in a statement.
Stating that over 230 million people globally ask health and wellness-related questions on the platform every week, OpenAI emphasized that the tool is designed to support medical care, not replace it or be used as a substitute for diagnosis or treatment. The company also highlighted the various privacy and security features built into the Health experience:
- Health operates in a silo with enhanced privacy and its own memory to safeguard sensitive data using “purpose-built” encryption and isolation
- Conversations in Health are not used to train OpenAI’s foundation models
- Users who attempt to have a health-related conversation in ChatGPT are prompted to switch over to Health for additional protections
- Health information and memories are not used to contextualize non-Health chats
- Conversations outside of Health cannot access files, conversations, or memories created within Health
- Apps can only connect with users’ health data with their explicit permission, even if they’re already connected to ChatGPT for conversations outside of Health
- All apps available in Health are required to meet OpenAI’s privacy and security requirements, such as collecting only the minimum data needed, and undergo additional security review for them to be included in Health
Furthermore, OpenAI pointed out that it has evaluated the model that powers Health against clinical standards using HealthBench, a benchmark the company revealed in May 2025 as a way to better measure the capabilities of AI systems for health, putting safety, clarity, and escalation of care in focus. “This evaluation-driven approach helps ensure the model performs well on the tasks people actually need help with, including explaining lab results in accessible language, preparing questions for an appointment, interpreting data from wearables and wellness apps, and summarizing care instructions,” it added.
OpenAI’s announcement follows an investigation from The Guardian that found Google AI Overviews to be providing false and misleading health information.
OpenAI and Character.AI are also facing several lawsuits claiming their tools drove people to suicide and harmful delusions after confiding in them. A report published by SFGate earlier this week detailed how a 19-year-old died of a drug overdose after trusting ChatGPT for medical advice.
CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting Microsoft Office and Hewlett Packard Enterprise (HPE) OneView to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerabilities are listed below:
- CVE-2009-0556 (CVSS score: 8.8) - A code injection vulnerability in Microsoft Office PowerPoint that allows remote attackers to execute arbitrary code by means of memory corruption
- CVE-2025-37164 (CVSS score: 10.0) - A code injection vulnerability in HPE OneView that allows a remote unauthenticated user to perform remote code execution
Details of CVE-2025-37164 emerged last month when HPE said the vulnerability impacts all versions of the software prior to version 11.00. The company also made available hotfixes for OneView versions 5.20 through 10.
The scope and source of the attacks targeting the two flaws is presently unclear, and there appear to be no public reports referencing their exploitation in the wild. However, a report from eSentire on December 23, 2025, revealed the release of a detailed proof-of-concept (PoC) exploit for CVE-2025-37164. “Public availability of PoC exploit code significantly increases the risk to organizations running affected versions of the application,” eSentire said. “As the vulnerability impacts all versions prior to 11.0, organizations are strongly advised to apply the required updates to mitigate the potential risk of exploitation.” Pursuant to Binding Operational Directive (BOD) 22-01, Federal Civilian Executive Branch (FCEB) agencies are recommended to apply the necessary fixes by January 28, 2026, to secure their networks against active threats.
Webinar: Learn How AI-Powered Zero Trust Detects Attacks with No Files or Indicators
Security teams are still catching malware. The problem is what they’re not catching. More attacks today don’t arrive as files. They don’t drop binaries.
They don’t trigger classic alerts. Instead, they run quietly through tools that already exist inside the environment — scripts, remote access, browsers, and developer workflows. That shift is creating a blind spot. Join us for a deep-dive technical session with the Zscaler Internet Access team.
They will reveal how to unmask “hidden-in-plain-sight” tactics, why traditional defenses fall short, and exactly what needs to change.
In this session, experts will cover:
- “Living off the Land” Attacks: These use trusted system tools like PowerShell, WMI, or remote desktop. File-based detection often sees nothing wrong because, technically, nothing new was installed.
- Fileless “Last Mile” Reassembly Attacks: Obfuscated HTML and JavaScript can execute malicious logic without ever delivering a clear payload to the endpoint. Legacy tools struggle here because there is no file to scan.
- Securing Developer Environments: CI/CD pipelines and third-party repositories move fast and rely heavily on encrypted traffic. Malicious code and risky dependencies can slip through when inspection and visibility are limited.
The webinar focuses on how cloud-native inspection, behavior analysis, and zero-trust design are being used to surface these hidden attack paths before they reach users or production systems.
This is not a breach postmortem or a vulnerability alert. It’s a practical look at how modern attacks operate — and why relying on file-based signals alone is no longer enough. For SOC teams, IT leaders, and security architects trying to close real gaps without slowing the business, this session is designed to be short, concrete, and directly applicable. Join us to learn how to gain visibility into the activity that matters most.
This article is a contributed piece from one of our valued partners.
Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches
A cybercrime gang known as Black Cat has been attributed to a search engine optimization (SEO) poisoning campaign that employs fraudulent sites advertising popular software to trick users into downloading a backdoor capable of stealing sensitive data. According to a report published by the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) and Beijing Weibu Online (aka ThreatBook), the activity is designed to strategically push bogus sites to the top of search results on search engines like Microsoft Bing, specifically targeting users looking for programs like Google Chrome, Notepad++, QQ International, and iTools. “After visiting these high-ranking phishing pages, users are lured by carefully constructed download pages, attempting to download software installation packages bundled with malicious programs,” CNCERT/CC and ThreatBook said. “Once installed, the program implants a backdoor Trojan without the user’s knowledge, leading to the theft of sensitive data from the host computer by attackers.” Black Cat is assessed to be active since at least 2022, orchestrating a series of attacks designed for data theft and remote control using malware distributed via SEO poisoning campaigns.
In 2023, the group is said to have stolen at least $160,000 worth of cryptocurrency by impersonating AICoin, a popular virtual currency trading platform. In the latest set of attacks, users searching for Notepad++ are served links to a convincing phishing site masquerading as associated with the software program (“cn-notepadplusplus[.]com”). Other domains registered by Black Cat include “cn-obsidian[.]com,” “cn-winscp[.]com,” and “notepadplusplus[.]cn.” The inclusion of “cn” in the domain names indicates that the threat actors are specifically going after Chinese users who may be looking for such tools via search engines. Should unsuspecting users end up clicking the “download” button on the fake website, they are redirected to another URL that mimics GitHub (“github.zh-cns[.]top”) from where a ZIP archive can be downloaded.
Present within the ZIP file is an installer that creates a shortcut on the user’s desktop. The shortcut acts as the entry point for side-loading a malicious DLL that, in turn, launches the backdoor. The malware establishes contact with a hard-coded remote server (“sbido[.]com:2869”), allowing it to steal web browser data, log keystrokes, extract clipboard contents, and other valuable information from the compromised host. CNCERT/CC and ThreatBook noted that the Black Cat cybercrime syndicate has compromised about 277,800 hosts across China between December 7 and 20, 2025, with the highest daily number of compromised machines within the country scaling a high of 62,167.
To mitigate the risk, users are advised to refrain from clicking on links from unknown sources and stick to trusted sources for downloading software.
Critical n8n Vulnerability (CVSS 10.0) Allows Unauthenticated Attackers to Take Full Control
Cybersecurity researchers have disclosed details of yet another maximum-severity security flaw in n8n, a popular workflow automation platform, that allows an unauthenticated remote attacker to gain complete control over susceptible instances. The vulnerability, tracked as CVE-2026-21858 (CVSS score: 10.0), has been codenamed Ni8mare by Cyera Research Labs. Security researcher Dor Attias has been acknowledged for discovering and reporting the flaw on November 9, 2025. “A vulnerability in n8n allows an attacker to access files on the underlying server through execution of certain form-based workflows,” n8n said in an advisory published today.
“A vulnerable workflow could grant access to an unauthenticated remote attacker. This could result in exposure of sensitive information stored on the system and may enable further compromise depending on deployment configuration and workflow usage.” With the latest development, n8n has disclosed four critical vulnerabilities over the last two weeks:
- CVE-2025-68613 (CVSS score: 9.9) - An improper control of dynamically-managed code resources that could allow authenticated attackers to achieve remote code execution (RCE) under certain conditions (Fixed in versions 1.120.4, 1.121.1, and 1.122.0)
- CVE-2025-68668 or N8scape (CVSS score: 9.9) - A sandbox bypass vulnerability that could allow an authenticated user with permission to create or modify workflows to execute arbitrary commands on the host system running n8n (Fixed in version 2.0.0)
- CVE-2026-21877 (CVSS score: 10.0) - An unrestricted upload of a file with a dangerous type vulnerability that could allow an authenticated attacker to execute untrusted code via the n8n service, leading to full compromise of the instance (Fixed in version 1.121.3)
However, unlike these flaws, CVE-2026-21858 does not require any credentials and takes advantage of a “Content-Type” confusion flaw to extract sensitive secrets, forge administrator access, and even execute arbitrary commands on the server. The vulnerability affects all versions of n8n prior to and including 1.65.0. It has been addressed in version 1.121.0, which was released on November 18, 2025.
It’s worth noting that the latest versions of the library are 1.123.10, 2.1.5, 2.2.4, and 2.3.0. According to technical details shared by Cyera with The Hacker News, the crux of the problem is rooted in the n8n webhook and file handling mechanism. Webhooks, which are crucial to receive data from apps and services when certain events occur, are triggered after the incoming request is parsed using a function named “parseRequestBody().” Specifically, the function is designed to read the “Content-Type” header in the request and invoke another function to parse the request body:
- Use parseFormData(), aka “file upload parser,” if the “Content-Type” header is “multipart/form-data,” denoting form data
- Use parseBody(), aka “regular body parser,” for all other content types
The file upload parser, in turn, uses the parse() function associated with formidable, a Node.js module for parsing form data, and stores the decoded result in a global variable called “req.body.files.” This populated data is processed by the webhook, which only runs when the “Content-Type” header is set to “multipart/form-data.” In contrast, the regular body parser processes the incoming HTTP request body and stores the extracted data in a different global variable known as “req.body.”
CVE-2026-21858 occurs when a file-handling function is run without first verifying that the content-type is “multipart/form-data,” potentially allowing an attacker to override req.body.files. Cyera said it found such a vulnerable flow in the function that handles form submissions (“formWebhook()”), which invokes a file-handling function (“copyBinaryFile()”) to act on “req.body.files.” “Here’s the issue: since this function is called without verifying the content type is ‘multipart/form-data,’ we control the entire req.body.files object,” Attias said.
“That means we control the filepath parameter – so instead of copying an uploaded file, we can copy any local file from the system.” “The result? Any node after the Form node receives the local file’s content instead of what the user uploaded.”
As for how the attack can play out, consider a website that has a chat interface to provide information about various products based on product specification files uploaded to the organizational knowledge base using a Form workflow. With this setup in place, a bad actor can leverage the security hole to read arbitrary files from the n8n instance and escalate it further to RCE by performing the following steps:
- Use the arbitrary read primitive to access the database located at “/home/node/.n8n/database.sqlite” and load it into the knowledge-base
- Extract the administrator’s user ID, email, and hashed password using the chat interface
- Use the arbitrary read primitive again to load a configuration file located at “/home/node/.n8n/config” and extract the encryption secret key
- Use the obtained user and key information to forge a fake session cookie and obtain admin access, leading to an authentication bypass
- Achieve RCE by creating a new workflow with an “Execute Command” node
“The blast radius of a compromised n8n is massive,” Cyera said. “A compromised n8n instance doesn’t just mean losing one system – it means handing attackers the keys to everything.
API credentials, OAuth tokens, database connections, cloud storage – all centralized in one place. n8n becomes a single point of failure and a goldmine for threat actors.” In light of the severity of the flaw, users are advised to upgrade to the patched version or later as soon as possible for optimal protection, avoid exposing n8n to the internet, and enforce authentication for all Forms. As temporary workarounds, it’s advised to restrict or disable publicly accessible webhook and form endpoints.
Update
Attack surface management platform Censys said it’s observing 26,512 exposed n8n hosts, the vast majority of which are located in the U.S. (7,079), Germany (4,280), France (2,655), Brazil (1,347), and Singapore (1,129).
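The Content-Type confusion described in this article, reduced to a self-contained JavaScript model that puts the flawed flow beside a hardened one. This is an added example, not n8n's code and not taken from Cyera's write-up: the names parseRequestBody, parseFormData, parseBody and copyBinaryFile come from the article, while their bodies, the in-memory disk, the paths and both sample requests are constructed assumptions.

```javascript
// Simulated disk so the example runs offline; the path and content are constructed.
const DISK = new Map([['/srv/app/private.conf', 'server-side secret']]);
const UPLOAD_DIR = '/tmp/uploads/';
let uploadCounter = 0;

// Media type without parameters, e.g. "multipart/form-data; boundary=x" -> "multipart/form-data"
function mediaType(req) {
  return String(req.headers['content-type'] || '').split(';')[0].trim().toLowerCase();
}

// Stand-in for the "file upload parser": the server chooses every filepath.
function parseFormData(req) {
  const files = {};
  for (const part of req.parts) {
    const filepath = `${UPLOAD_DIR}${++uploadCounter}`;
    DISK.set(filepath, part.content);
    files[part.field] = { filepath, originalFilename: part.filename };
  }
  return { files };
}

// Stand-in for the "regular body parser": every key is caller-supplied.
function parseBody(req) {
  return JSON.parse(req.rawBody);
}

function parseRequestBody(req) {
  req.body = mediaType(req) === 'multipart/form-data' ? parseFormData(req) : parseBody(req);
  return req;
}

// Stand-in for the file-handling step: reads whatever filepath it is handed.
function copyBinaryFile(file) {
  if (!DISK.has(file.filepath)) throw new Error('no such file');
  return DISK.get(file.filepath);
}

// Flawed flow: acts on req.body.files without asking which parser filled it.
function formWebhookVulnerable(req) {
  parseRequestBody(req);
  const data = {};
  for (const [field, file] of Object.entries(req.body.files || {})) {
    data[field] = copyBinaryFile(file);
  }
  return { status: 200, data };
}

// Hardened flow: files are trusted only when the upload parser produced them,
// and each path must still sit inside the server-chosen upload directory.
function formWebhookHardened(req) {
  if (mediaType(req) !== 'multipart/form-data') return { status: 415, data: {} };
  parseRequestBody(req);
  const data = {};
  for (const [field, file] of Object.entries(req.body.files)) {
    const insideUploads = file.filepath.startsWith(UPLOAD_DIR) && !file.filepath.includes('..');
    if (!insideUploads) return { status: 400, data: {} };
    data[field] = copyBinaryFile(file);
  }
  return { status: 200, data };
}

// Constructed requests: a genuine upload, and a JSON body that supplies its own "files" key.
const uploadRequest = () => ({
  headers: { 'content-type': 'multipart/form-data; boundary=x' },
  parts: [{ field: 'spec', filename: 'spec.txt', content: 'product spec' }],
});
const confusedRequest = () => ({
  headers: { 'content-type': 'application/json' },
  rawBody: JSON.stringify({ files: { spec: { filepath: '/srv/app/private.conf' } } }),
});

console.log('vulnerable, upload  :', formWebhookVulnerable(uploadRequest()));
console.log('vulnerable, confused:', formWebhookVulnerable(confusedRequest()));
console.log('hardened, upload    :', formWebhookHardened(uploadRequest()));
console.log('hardened, confused  :', formWebhookHardened(confusedRequest()));
```

The same content-type test doubles as a detection idea: form endpoints that receive non-multipart requests whose bodies carry a `files` key are worth alerting on in proxy or application logs.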
n8n Warns of CVSS 10.0 RCE Vulnerability Affecting Self-Hosted and Cloud Versions
Open-source workflow automation platform n8n has warned of a maximum-severity security flaw that, if successfully exploited, could result in authenticated remote code execution (RCE). The vulnerability, which has been assigned the CVE identifier CVE-2026-21877, is rated 10.0 on the CVSS scoring system. “Under certain conditions, an authenticated user may be able to cause untrusted code to be executed by the n8n service,” n8n said in an advisory released Tuesday. “This could result in full compromise of the affected instance.” The maintainers said both self-hosted deployments and n8n Cloud instances are impacted.
The issue impacts the following versions:
- >= 0.123.0 < 1.121.3
It has been addressed in version 1.121.3, which was released in November 2025. Security researcher Théo Lelasseux (@theolelasseux) has been credited with discovering and reporting the flaw. Users are advised to upgrade to this version or later to completely address the vulnerability. If immediate patching is not possible, it’s essential that administrators limit exposure by disabling the Git node and limiting access for untrusted users.
The disclosure comes as n8n has addressed a steady stream of critical flaws in the platform (CVE-2025-68613 and CVE-2025-68668, CVSS scores: 9.9) that could lead to code execution under specific conditions.