More Critical Flaws on n8n Could Compromise Customer Security A new around of vulnerabilities in the popular AI automation platform could let attackers hijack servers and steal credentials.

More Critical Flaws on n8n Could Compromise Customer Security
www.darkreading.com/vulnerabilit...

#Infosec #Security #Cybersecurity #CeptBiro #CriticalFlaws #n8n #CustomerSecurity

December Patch Tuesday Brings Critical Microsoft, Notepad++, Fortinet, and Ivanti Security Fixes   While December's Patch Tuesday gave us a lighter release than normal, it arrived with several urgent vulnerabilities that need attention immediately. In all, Microsoft released 57 CVE patches to finish out 2025, including one flaw already under active exploitation and two others that were publicly disclosed. Notably, critical security updates also came from Notepad++, Ivanti, and Fortinet this cycle, making it particularly important for system administrators and enterprise security teams alike.  The most critical of Microsoft's disclosures this month is CVE-2025-62221, a Windows Cloud Files Mini Filter Driver bug rated 7.8 on the CVSS scale. It allows for privilege escalation: an attacker who has code execution rights can leverage the bug to escalate to full system-level access. Researchers say this kind of bug is exploited on a regular basis in real-world intrusions, and "patching ASAP" is critical. Microsoft hasn't disclosed yet which threat actors are actively exploiting this flaw; however, experts explain that bugs like these "tend to pop up in almost every big compromise and are often used as stepping stones to further breach".  Another two disclosures from Microsoft were CVE-2025-54100 in PowerShell and CVE-2025-64671, impacting GitHub Copilot for JetBrains. Although these are not confirmed to be exploited, they were publicly disclosed ahead of patching. Graded at 8.4, the Copilot vulnerability would have allowed for remote code execution via malicious cross-prompt injection, provided a user is tricked into opening untrusted files or connecting to compromised servers. Security researchers expect more vulnerabilities of this type to emerge as AI-integrated development tools expand in usage.  But one of the more ominous developments outside Microsoft belongs to Notepad++. The popular open-source editor pushed out version 8.8.9 to patch a weakness in the way updates were checked for authenticity. Attackers were managing to intercept network traffic from the WinGUp update client, then redirecting users to rogue servers, where malicious files were downloaded instead of legitimate updates. There are reports that threat groups in China were actively testing and exploiting this vulnerability. Indeed, according to the maintainer, "Due to the improper update integrity validation, an adversary was able to manipulate the download"; therefore, users should upgrade as soon as possible.  Fortinet also patched two critical authentication bypass vulnerabilities, CVE-2025-59718 and CVE-2025-59719, in FortiOS and several related products. The bugs enable hackers to bypass FortiCloud SSO authentication using crafted SAML messages, which only works if SSO has been enabled. Administrators are advised to disable the feature until they can upgrade to patched builds to avoid unauthorized access. Rounding out the disclosures, Ivanti released a fix for CVE-2025-10573, a severe cross-site scripting vulnerability in its Endpoint Manager. The bug allows an attacker to register fake endpoints and inject malicious JavaScript into the administrator dashboard. Viewed, this could serve an attacker full control over the session without credentials. There has been no observed exploitation so far, but researchers warn that it is likely attackers will reverse engineer the fix soon, making for a deployment environment of haste.

December Patch Tuesday Brings Critical Microsoft, Notepad++, Fortinet, and Ivanti Security Fixes #CriticalFlaws #Criticalsecurityflaw #CVE

Over 800 N-able servers left unpatched against critical flaws Over 800 N-able N-central servers remain unpatched against a pair of critical security vulnerabilities tagged as actively exploited last week.

Over 800 N-able servers left unpatched against critical flaws
www.bleepingcomputer.com/news/securit...

#Infosec #Security #Cybersecurity #CeptBiro #800NableServers #Unpatched #CriticalFlaws

Critical Flaws Discovered in Jupiter X Core WordPress Plugin Affecting Over 90,000 Sites Uncover the critical vulnerabilities in Jupiter X Core WordPress plugin. Learn how these flaws can put your website at risk and how to mitigate them.

Critical Flaws Discovered in Jupiter X Core WordPress Plugin Affecting Over 90,000 Sites
securityonline.info/critical-fla...
#Infosec #Security #Cybersecurity #CeptBiro #CriticalFlaws #JupiterXCore #WordPressPlugin

https://securityonline.info/flaws-in-red-hat-openshift-cve-2024-45496-cve-2024-7387/

Critical Flaws in Red Hat OpenShift: CVE-2024-45496 (CVSS 9.9) & CVE-2024-7387 (CVSS 9.1)
securityonline.info/flaws-in-red...
#Infosec #Security #Cybersecurity #CeptBiro #CriticalFlaws #RedHat #OpenShift

Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks Cisco addresses two critical vulnerabilities in its Smart Licensing Utility, urging users to update immediately.

Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks
thehackernews.com/2024/09/cisc...
#Infosec #Security #Cybersecurity #CeptBiro #Cisco #CriticalFlaws #SmartLicensingUtility #RemoteAttacks

Critical Flaws in Progress Software WhatsUp Gold Expose Systems to Full Compromise Censys warns of over 1,200 internet-accessible WhatsUp Gold instances potentially exposed to malicious attacks.

Critical Flaws in Progress Software WhatsUp Gold Expose Systems to Full Compromise
www.securityweek.com/critical-fla...
#Infosec #Security #Cybersecurity #CeptBiro #CriticalFlaws #ProgressSoftwareWhatsUpGold

Critical Flaws In Traffic Light Controller Let Attackers Change Signal Lights A critical vulnerability in a traffic light controller has been found, which might give attackers the ability to change the lights and cause

Critical Flaws In Traffic Light Controller Let Attackers Change Signal Lights
cybersecuritynews.com/traffic-ligh...
#Infosec #Security #Cybersecurity #CeptBiro #CriticalFlaws #TrafficLightController

SolarWinds Patches 8 Critical Flaws in Access Rights Manager Software SolarWinds releases critical security patches for Access Rights Manager software to prevent potential data breaches and code execution.

SolarWinds Patches 11 Critical Flaws in Access Rights Manager Software
thehackernews.com/2024/07/sola...
#Infosec #Security #Cybersecurity #CeptBiro #SolarWinds #CriticalFlaws #AccessRightsManagerSoftware