IPOR Labs Loses $336K in Arbitrum Vault Exploit, Vows Full Refund

IPOR Labs suffered a $336,000 exploit targeting its USDC Fusion Optimizer vault on Arbitrum, with the attack exploiting a combination of legacy contract vulnerabilities and Ethereum’s newly ...
SecurityWeek

Hackers Exploit Zero-Day in Discontinued D-Link Devices

Threat actors are exploiting CVE-2026-0625, a critical zero-day vulnerability in discontinued D-Link devices for remote code ...
Cybernews

When workflows go rogue: critical n8n vulnerability opens door to system commands

The flaw allows authenticated n8n users with workflow-creation or modification permissions to bypass the intended security sandbox.
The Hacker News

New n8n Vulnerability (9.9 CVSS) Lets Authenticated Users Execute System Commands

Critical n8n flaw CVE-2025-68668 allows authenticated users to run system commands via workflows; affects versions 1.0.0 to ...
Security Boulevard

Top CVEs of December 2025

December 2025 was a brutal reality check for security teams. While most were winding down for the holidays, threat actors weaponized a tectonic shift in the landscape, headlined by the... The post Top ...

Critical macOS Flaw Lets Attackers Bypass Apple Privacy Controls Without Consent

A newly disclosed macOS vulnerability bypasses Apple’s TCC privacy controls, allowing silent access to files, microphone data ...
The Hacker News

CISA Flags Microsoft Office and HPE OneView Bugs as Actively Exploited

CISA adds two vulnerabilities affecting Microsoft Office and HPE OneView to its KEV list, urging agencies to patch by January ...
How-To Geek on MSN

Why I use Qubes: 3 security reasons a normal Linux distro can’t match

If you're unaware, web browsers are horribly insecure. They're like a ship with a thousand holes and a thousand sailors with ...
Hit Points on MSN

Apple tells 1.8 billion iPhone users to update now over 'extremely sophisticated attack'

Apple urgently warned 1.8 billion iPhone and iPad users of two zero-day vulnerabilities under active exploitation in ...