Critical n8n Vulnerability (CVSS 10.0) Enables Unauthenticated Attackers to Take Full Control
Security researchers disclosed CVE-2026-21858, a maximum-severity flaw in the n8n workflow automation platform nicknamed “Ni8mare” that allows unauthenticated remote attackers to gain complete control over vulnerable instances. The vulnerability stems from a Content-Type confusion issue in n8n’s webhook and file handling mechanism, enabling attackers to extract sensitive secrets, forge administrator access, and execute arbitrary commands on the server without requiring any credentials. The flaw affects all versions of n8n prior to and including 1.65.0, with patches released in version 1.121.0 on November 18, 2025. Many organizations may still be running vulnerable versions, as the latest releases are now 1.123.10, 2.1.5, 2.2.4, and 2.3.0.
Google Patches High-Severity WebView Vulnerability Enabling Security Policy Bypass
Google released Chrome versions 143.0.7499.192 and 143.0.7499.193 on January 6, 2026, addressing CVE-2026-0628, a high-severity vulnerability in WebView that could allow attackers to circumvent critical security policies and execute unauthorized actions. The flaw involves insufficient policy enforcement within the WebView tag, which serves as the rendering backbone for in-app browsing across the Android ecosystem, potentially compromising user data and system security across thousands of third-party applications. Security experts warn that this vulnerability’s impact extends far beyond desktop browsers, as WebView is a foundational component that renders web content across Chrome, Android applications, and numerous third-party apps used by millions of users worldwide.
CISA Adds Two Actively Exploited Vulnerabilities to KEV Catalog, Orders Federal Patch by January 28
The Cybersecurity and Infrastructure Security Agency added two new vulnerabilities to its Known Exploited Vulnerabilities catalog on January 7, based on evidence of active exploitation in the wild. The additions include CVE-2009-0556, a legacy Microsoft Office PowerPoint code injection vulnerability from 2009, and CVE-2025-37164, an HPE OneView code injection flaw that allows remote unauthenticated users to perform remote code execution. Federal Civilian Executive Branch agencies must remediate these vulnerabilities by January 28, 2026, under Binding Operational Directive 22-01, while CISA strongly urges all organizations to prioritize timely remediation as part of their vulnerability management practices.
North Carolina Ransomware Attacks Surge Nearly 50 Percent, Contributing to Majority of Data Breaches
North Carolina experienced a significant increase in ransomware attacks during 2024, with incidents rising from 843 to 1,215, a surge of nearly 50 percent according to the state’s latest data breach report. The report revealed that ransomware attacks contributed to more than half of all data breaches reported in 2024, affecting a wide range of targets including doctors’ offices, law firms, and schools across the state. Cybersecurity experts note that these attacks are conducted by sophisticated, fully structured criminal organizations with financial analysts, recruiting teams, and support staff that operate like legitimate enterprises, though with criminal intent.
Cloud and SaaS Security Threats Converge as Ransomware Groups Target Microsoft 365 Directly
Security experts warn that 2026 will see a continued rise in cloud-native intrusions, with ransomware groups increasingly targeting platforms like Microsoft 365 directly and using cloud footholds to pivot into on-premises environments. Third-party SaaS supply chains are expected to become the primary entry point for breaches, as threat actors exploit the sprawling web of integrations and dependencies that most organizations struggle to inventory. Many SaaS providers still treat core security features like multi-factor authentication and audit logs as premium add-ons rather than standard offerings. According to Microsoft’s own reports, attackers are trending toward using cloud attacks as initial access points to then move laterally into on-premises environments, with direct attacks such as ransomware and data exfiltration targeting services like SharePoint and OneDrive.