n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

Threat actors have been observed weaponizing n8n, a popular artificial intelligence AI workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails. "By leveraging trusted infrastructure, these...

CVE-2026-5329 Rapid7 Velociraptor Improper Input Validation in Client Message Handler

Rapid7 Velociraptor versions prior to 0.76.2 contain an improper input validation vulnerability in the client monitoring message handler on the Velociraptor server primarily Linux that allows an authenticated remote attacker to write to arbitrary internal server queues via a crafted monitoring...

Slink 安全漏洞

Slink is a self-hosted image sharing service by the individual developer Andrii Kryvoviaz. A security vulnerability exists in Slink v1.4.9, which stems from the vulnerability of specially crafted SVG uploads to stored cross-site scripting attacks...

CVE-2024-52271

User Interface UI Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed e.g. via Google Chrome - Examine the print preview: Will render the vulnerability only, not all...

Nextcloud Talk 访问控制错误漏洞

Nextcloud Talk is a self-hosted local audio/video and chat communication service from Nextcloud Germany. An access control error vulnerability exists in Nextcloud Talk. An attacker could use this vulnerability to access a user's Nextcloud files and view conversations...