DEAD#VAX campaign delivers AsyncRAT via IPFS-hosted VHD phishing files, using fileless memory injection and obfuscated scripts to evade detection.
Category: cybercrime/malcode – Page 11
Critical n8n flaws disclosed along with public exploits
Multiple critical vulnerabilities in the popular n8n open-source workflow automation platform allow escaping the confines of the environment and taking complete control of the host server.
Collectively tracked as CVE-2026–25049, the issues can be exploited by any authenticated user who can create or edit workflows on the platform to perform unrestricted remote code execution on the n8n server.
Researchers at several cybersecurity companies reported the problems, which stem from n8n’s sanitization mechanism and bypass the patch for CVE-2025–68613, another critical flaw addressed on December 20.
CISA warns of five-year-old GitLab flaw exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems against a five-year-old GitLab vulnerability that is actively being exploited in attacks.
GitLab patched this server-side request forgery (SSRF) flaw (tracked as CVE-2021–39935) in December 2021, saying it could allow unauthenticated attackers with no privileges to access the CI Lint API, which is used to simulate pipelines and validate CI/CD configurations.
“When user registration is limited, external users that aren’t developers shouldn’t have access to the CI Lint API,” the company said at the time.
New Amaranth Dragon cyberespionage group exploits WinRAR flaw
A new threat actor called Amaranth Dragon, linked to APT41 state-sponsored Chinese operations, exploited the CVE-2025–8088 vulnerability in WinRAR in espionage attacks on government and law enforcement agencies.
The hackers combined legitimate tools with the custom Amaranth Loader to deliver encrypted payloads from command-and-control (C2) servers behind Cloudflare infrastructure, for more accurate targeting and increased stealth.
According to researchers at cybersecurity company Check Point, Amaranth Dragon targeted organizations in Singapore, Thailand, Indonesia, Cambodia, Laos, and the Philippines.
Pushback Works: Adobe Animate Is Not Shutting Down
According to the company’s new announcement, the earlier warning stating that March 1, 2027, would be the application’s final day should now be disregarded, as Adobe is neither discontinuing nor removing access to Adobe Animate, and there is no longer any deadline or date set for when Animate will stop being available.
Going forward, the software will remain accessible to both new and existing users, although Adobe has confirmed that users shouldn’t expect the addition of any new features. Instead, the program will remain in a perpetual “maintenance mode,” meaning Adobe will continue supporting the application and providing regular security updates and bug fixes.
Microsoft to disable NTLM by default in future Windows releases
Microsoft announced that it will disable the 30-year-old NTLM authentication protocol by default in upcoming Windows releases due to security vulnerabilities that expose organizations to cyberattacks.
NTLM (short for New Technology LAN Manager) is a challenge-response authentication protocol introduced in 1993 with Windows NT 3.1 and is the successor to the LAN Manager (LM) protocol.
Kerberos has superseded NTLM and is now the current default protocol for domain-connected devices running Windows 2000 or later. While it was the default protocol in older Windows versions, NTLM is still used today as a fallback authentication method when Kerberos is unavailable, even though it uses weak cryptography and is vulnerable to attacks.