All Posts


CVE-2025-68668: Breaking Out of the Python Sandbox in n8n
INTRODUCTION CVE-2025-68668 is a sandbox bypass vulnerability in n8n, an open source workflow automation platform widely used for internal tooling, integrations, and automation pipelines. The flaw affects n8n versions from 1.0.0 up to, but not including, 2.0.0, and allows an authenticated user with permission to create or modify workflows to execute arbitrary operating system commands on the host running n8n. At the center of this issue is the Python Code Node, which reli
Rhoda Smart
4 days ago · 18 min read


Trust Wallet links $8.5M Chrome extension hack to Shai-Hulud supply chain attack
Trust Wallet has disclosed that a major security breach affecting its Google Chrome browser extension was the result of a broader software supply chain attack linked to the second wave of the Shai-Hulud, also known as Sha1-Hulud, campaign observed in November 2025. The incident ultimately led to the theft of approximately $8.5 million in cryptocurrency assets. In a post-mortem released on Tuesday, the company confirmed that developer secrets stored in its GitHub environment
Rhoda Smart
4 days ago · 3 min read


A Technical Analysis of CVE-2025-13915: Critical Authentication Bypass in IBM API Connect
Introduction CVE-2025-13915 is a critical authentication bypass vulnerability affecting IBM API Connect, an enterprise API management platform used by organizations to publish, manage, and secure APIs. The issue allows a remote attacker to access protected components without proper authentication, effectively skipping the login checks that should block unauthenticated requests. IBM rated the flaw 9.8 on the CVSS scale, which already shows how serious the impact can be in rea
Rhoda Smart
5 days ago · 11 min read


CVE-2025-13915: Critical Authentication Bypass in IBM API Connect
IBM has disclosed a critical security vulnerability in its API Connect platform that could allow attackers to bypass authentication and gain unauthorized access to the application. API Connect is commonly used by large organizations to build, manage, and secure APIs across cloud and on-prem environments, which increases the potential impact of this vulnerability. The issue, tracked as CVE-2025-13915, has a CVSS score of 9.8, placing it in the critical severity range. Accordin
Rhoda Smart
6 days ago · 1 min read