Category: News

On January 27, 2026, Aikido Security flagged a VS Code extension called “ClawdBot Agent” — a fully functional AI coding assistant that silently drops a ScreenConnect Remote Access Tool (RAT)…

The IPVanish VPN application for macOS contains a critical privilege escalation vulnerability that allows any unprivileged local process to execute arbitrary code as root without user interaction. The attack vector…

A Critical-severity Unsafe Protocol Handling flaw affecting DeepChat, a popular open-source Electron-based AI chat desktop application. The issue resides in the application’s preload script at src/preload/index.ts, specifically in the openExternal…

We discovered a critical vulnerability in n8n, a widely used workflow automation platform, that enables arbitrary command execution on the underlying server. The severity comes from how easily it can…

In November 2025, SOC teams around the world started noticing something strange. Servers running XWiki, widely used for internal documentation and collaboration, were suddenly maxing out CPU usage. Systems were…

A critical flaw (CVE-2025-68613, CVSS 9.9) in n8n allows remote code execution through expression injection, risking full system compromise and requiring immediate patching. 

Two new vulnerabilities in React and Next.js,  have exposed a critical weakness in the React Server Components’ (RSC) “Flight” protocol. These vulnerabilities, known as CVE-2025-55182 and its corresponding vulnerability in…

The misuse of Anthropic’s Claude AI by a suspected Chinese threat group is a clear indication of what an agentic model can do. Even with limited details released so far,…

In the evolving landscape of cybersecurity threats, some of the most dangerous attacks are not the loudest or most dramatic – they are the ones that fly under the radar.…