Explore tweets tagged as #cve
@CriminalIP_US
Criminal IP
4 days
⚙️ n8n RCE Vulnerability and the Hidden Risk of Automation Platforms CVE-2025-68613 (CVSS 9.9) affects n8n, a widely used workflow automation platform. 🔍 Key takeaway The real risk is not just the vulnerability itself, but internet-exposed n8n instances acting as
@0x534c
Steven Lim
10 days
🚨 Threat Hunting Spotlight: MongoBleed (CVE-2025-14847) 🚨 Inspired by Eric Capuano’s write-up, I built a KQL detection query to help defenders hunt for signs of MongoBleed activity in their environments.🔍 This detection leverages Microsoft Defender XDR to surface suspicious
@0xor0ne
0xor0ne
2 days
A look at an Android ITW DNG exploit. Quram library exploit technical details (CVE-2025-21042) https://t.co/DvczPhO6JZ #infosec
@NiRoXoRiN
NiRoX
2 days
A few weeks ago I found an unauthenticated IDOR vulnerability in Ninja Forms WordPress plugin (600k+ active installs) and received $1,600 for the report (CVE-2025-11924). Huge thanks to @wordfence for handling it professionally. It’s incredible that such simple bugs still exist.
@DarkWebInformer
Dark Web Informer
24 minutes
🚨 CVE-2025-6389: WordPress Sneeit Framework plugin vulnerability currently under active exploitation PoC: https://t.co/2oWmA3t8v1 ▪️Vulnerability Type: Remote Code Execution (RCE) ▪️CVSS: 9.8 ▪️Published: 11/24/2025 Impact: ▪️Full site compromise ▪️Create admin accounts
@gotr00t0day
c0deNinja
7 days
@0xor0ne
0xor0ne
6 days
Analysis of a Use-After-Free in the Linux XFRM subsystem (CVE-2025-39965) by @streypaws https://t.co/ZWOVtBV6Jg #infosec #Linux
@ET_Labs
ET Labs
23 hours
31 new OPEN, 33 new PRO (31 + 2) Lumma Stealer, Landupdate808, TA569, Ghostframe Phishing Kit, StealC_V2, several CVEs (beward CVE-2019-25246, Ivanti CVE-2025-4427 (new variants), sgbox CVE-2025-14704 - 14709), and much more. https://t.co/bFNUmNuT8j
@DarkWebInformer
Dark Web Informer
3 days
CVE-2025-14847 (MongoBleed): MongoDB mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client PoC: https://t.co/YqFsskU3cV
@piedpiper1616
blueblue
2 days
GitHub - Chocapikk/CVE-2025-68926: CVE-2025-68926 - RustFS Hardcoded gRPC Authentication Token Exploit
@brokenpacifist
stypr
1 day
How did this get a CVE? https://t.co/UOynSeckcR it was already a thing 7-8 years ago... https://t.co/ngcMxzfR1p https://t.co/eJt7jqWAGI
@fofabot
FOFA
1 day
⚠️⚠️ CVE-2026-21440(CVSS 9.2): New AdonisJS Critical Flaw Allows Arbitrary File Writes and RCE 🔗FOFA Link: https://t.co/1X2MKcb3Ov 🎯44.5k+ Results are found on the https://t.co/pb16tGYaKe nearly year. FOFA Query: app="adonis-Framework" 🔖Refer: https://t.co/8m14u8zwmo #OSINT
@0x0smilex
0x0smilex
4 days
🔒Unauthenticated XSS in Palo Alto GlobalProtect (CVE-2025-0133) 🌏 Impact: Steal authcookies to hijack VPN sessions. Tip: Test XML/SVG namespaces in VPN gateways; they often bypass HTML filters. #BugBounty #bugbountytips #Trending #xss #Hacking
@DefusedCyber
Defused
4 days
⚠️We are observing elevated Fortinet exploit activity from various TOR exit nodes The exploit traffic is a mix of recent exploits like CVE-2025-64446 and credential stuffing attempts using legitimate-looking credentials Associated IP addresses 199.195.253.180 204.8.96.179
Bought a tranche of $cve on gap down this morning
@wazuh
Wazuh
8 hours
IBM API Connect is affected by a critical authentication bypass vulnerability (CVE-2025-13915), allowing remote attackers to access applications without credentials. Update affected versions (10.0.8.0-10.0.8.5, 10.0.11.0) with IBM iFixes now. Read more: https://t.co/aILsWO937b
@AmitaiCo
Amitai Cohen 🎗️🤟
6 days
Wiz Research has published a new simple Nuclei template for reliably detecting MongoBleed (CVE-2025-14847). We've also updated our blogpost with additional guidance on determining exploitability depending on how you're using MongoDB:
@D4mianWayne
Robin
2 days
Made an exploit for Net-SNMP's snmptrapd buffer overflow (CVE-2025-68615) due to missing type and bound checks. Though not exploitable due to ASLR/stack canaries. Quite interesting! Blog: https://t.co/7XfPXAPtoR PoC: https://t.co/Vya5FaSccN Credit: buddurid (ZDI-25-1181)
@FCE365
GeoSn0w
4 days
iOS 26.2 - 18.0 JAILBREAK News: New KERNEL ROOT & WebKit (Safari) Vulnerability Discovered! All Devices 🌟 NEW VIDEO: https://t.co/QdFqB2JRO1 We're discussing the security content of iOS 26.2 which patches several important vulnerabilities including CVE-2025-46285, a kernel