New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS

Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.

Flaws in popular VSCode extensions expose developers to attacks

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local ...
SecurityWeek

Critical N8n Sandbox Escape Could Lead to Server Compromise

A critical n8n flaw could allow attackers to use crafted expressions in workflows to execute arbitrary commands on the host.
The Hacker News

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows

Critical n8n v CVE-2026-25049 allows authenticated workflow abuse to execute system commands and expose server data.
SecurityWeek

Vulnerabilities in Popular PDF Platforms Allowed Account Takeover, Data Exfiltration

Vulnerabilities in PDF platforms from Foxit and Apryse could have been exploited for account takeover, data exfiltration, and ...

Chrome Vulnerabilities Allow Code Execution, Browser Crashes

Google released a Chrome security update fixing two high-severity flaws that could enable code execution or crashes via malicious websites.
AdExchanger

The IAB Tech Lab Publisher Protocol for 2026: A Q&A With Anthony Katsur

In the weeks leading up to the IAB Annual Leadership Meeting, there was an uproar on LinkedIn about the agenda. Publishers ...
Security Boulevard

JFrog Researchers Surface Vulnerabilities in AI Automation Platform from n8n

JFrog security researchers have exposed two critical vulnerabilities (CVE-2026-1470, rated 9.9; and CVE-2026-0863, rated 8.5) in the n8n workflow automation platform.
The Coventry Observer

CrazyTime.com and the New Standard of Transparency in Online Play

An in-depth look at how CrazyTime. com raises the bar for transparency and information access, changing how players ...

Plan for extended stock trading hours in Canada could be ‘profoundly disruptive,’ TSX warns

Permitting CIX to start an alternative trading system, TMX said, would cause ‘structural changes across the entire ecosystem’ ...

New Architecture, New Risks: One-Click to Pwn IDIS IP Cameras

Modern capabilities, such as cloud-powered management, analytics, and detection, have introduced a new architectural era to IP-based video surveillance, which remains a prominent safety feature across ...