Critical n8n vulnerability CVE-2026–25049 allows authenticated workflow abuse to execute system commands and expose server data.
Get the latest international news and world events from around the world.
Microsoft rolls out native Sysmon monitoring in Windows 11
Microsoft has started rolling out built-in Sysmon functionality to some Windows 11 systems enrolled in the Windows Insider program.
Microsoft first revealed plans to integrate Sysmon natively into Windows 11 and Windows Server in November, when it also confirmed that it will soon release detailed documentation.
Sysmon (short for System Monitor) is a free Microsoft Sysinternals tool (and a Windows system service and device driver) that monitors for and blocks malicious/suspicious activity, logging it to the Windows Event Log.
Critical n8n flaws disclosed along with public exploits
Multiple critical vulnerabilities in the popular n8n open-source workflow automation platform allow escaping the confines of the environment and taking complete control of the host server.
Collectively tracked as CVE-2026–25049, the issues can be exploited by any authenticated user who can create or edit workflows on the platform to perform unrestricted remote code execution on the n8n server.
Researchers at several cybersecurity companies reported the problems, which stem from n8n’s sanitization mechanism and bypass the patch for CVE-2025–68613, another critical flaw addressed on December 20.
CISA warns of five-year-old GitLab flaw exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems against a five-year-old GitLab vulnerability that is actively being exploited in attacks.
GitLab patched this server-side request forgery (SSRF) flaw (tracked as CVE-2021–39935) in December 2021, saying it could allow unauthenticated attackers with no privileges to access the CI Lint API, which is used to simulate pipelines and validate CI/CD configurations.
“When user registration is limited, external users that aren’t developers shouldn’t have access to the CI Lint API,” the company said at the time.
New Amaranth Dragon cyberespionage group exploits WinRAR flaw
A new threat actor called Amaranth Dragon, linked to APT41 state-sponsored Chinese operations, exploited the CVE-2025–8088 vulnerability in WinRAR in espionage attacks on government and law enforcement agencies.
The hackers combined legitimate tools with the custom Amaranth Loader to deliver encrypted payloads from command-and-control (C2) servers behind Cloudflare infrastructure, for more accurate targeting and increased stealth.
According to researchers at cybersecurity company Check Point, Amaranth Dragon targeted organizations in Singapore, Thailand, Indonesia, Cambodia, Laos, and the Philippines.
Viridian inks cooperative agreement with Air Force Research Laboratory
SAN FRANCISCO — Viridian Space Corp. signed a cooperative research and development agreement (CRADA) with the Air Force Research Laboratory.
The five-year CRADA will provide the Southern California startup with access to testing facilities and satellite-operations expertise at AFRL’s Kirtland Air Force Base in New Mexico.
“There seems to be a good collaborative opportunity for testing our technology on the ground and, when we fly, collecting and sharing data from the [Very Low Earth Orbit] VLEO environment,” Viridian Space CEO Rostislav Spektor told SpaceNews. “Characterizing the VLEO environment is important for satellites that fly in VLEO and for satellites traveling to higher orbits that fly through VLEO.”