The Hacker News

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

Two critical n8n flaws (CVSS 9.4, 9.5) enable RCE via expression sandbox escape and public forms, risking credential exposure.
The Hacker News

CISA Adds Actively Exploited VMware Aria Operations Flaw CVE-2026-22719 to KEV Catalog

CISA adds VMware Aria Operations command injection flaw CVE-2026-22719 to KEV after reports of active exploitation; patches ...
American Hospital Association

H-ISAC TLP White Vulnerability: Cisco Patches Two High-Severity Flaws in IOS XR software (CVE-2026-20040, CVE-2026-20046)

On March 11, 2026, Cisco released an advisory for IOS XR software, addressing two high-severity vulnerabilities, CVE-2026-20040 and CVE-2026-20046, which allow authenticated users to gain root and ...
SecurityWeek

Splunk, Zoom Patch Severe Vulnerabilities

Splunk and Zoom have released security updates that address multiple critical- and high-severity vulnerabilities across their products.

Zyxel warns over a dozen routers affected by critical security flaw

Zyxel fixes a handful of worrying router flaws ...
Bleeping Computer

Ivanti warns of Connect Secure zero-days exploited in attacks

Ivanti has disclosed two Connect Secure (ICS) and Policy Secure (IPS) zero-days exploited by suspected Chinese hackers in the wild that can let remote attackers execute arbitrary commands on targeted ...
Bleeping Computer

New macOS zero-day bug lets attackers run commands remotely

Security researchers disclosed today a new vulnerability in Apple's macOS Finder, which makes it possible for attackers to run commands on Macs running any macOS version up to the latest release, Big ...
CSOonline

Cisco’s ISE bugs could allow root-level command execution

Cisco is warning enterprise admins of two critical flaws within its identity and access management (IAM) solution, Identity Services Engine (ISE), that could allow attackers to obtain unauthorized ...