Critical n8n RCE vulnerability enables full server compromise
A critical remote code execution flaw in the n8n workflow automation platform, tracked as CVE-2025-68613 (CVSS 9.9), allows authenticated users to inject expressions that escape the workflow sandbox and execute arbitrary OS commands on the host server. The issue affects versions from 0.211.0 up to but not including 1.120.4, 1.121.1, and 1.122.0; if left unpatched, it enables full instance takeover, data exposure, and lateral movement.
Threat Actors Exploit Zero-Day in WatchGuard Firebox Devices
A critical zero-day in WatchGuard Firebox firewalls, CVE-2025-14733, is being actively exploited to achieve remote code execution on devices running Fireware OS. WatchGuard disclosed the bug late last week and CISA quickly added it to the Known Exploited Vulnerabilities catalog, prompting urgent guidance for organizations to patch or apply mitigations to exposed edge devices.
Cyberattack disrupts France’s postal service and banking arm
A suspected cyberattack has knocked France’s national postal operator La Poste and its banking arm La Banque Postale offline during the peak Christmas period, disrupting parcel delivery, in-person services, and online payments. Authorities are investigating while services remain partially degraded, with officials not yet publicly attributing the attack or detailing the intrusion method.
Blind Eagle Hackers Target Government Agencies Using PowerShell Scripts
Researchers at Zscaler’s ThreatLabz detailed a new Blind Eagle campaign against Colombian government institutions that uses legal-themed phishing lures, SVG and HTML decoys, and multi-stage JavaScript to trigger a fileless PowerShell-based infection chain. The operation employs steganography in image files, a Caminho downloader, and a customized AsyncRAT variant delivered via process hollowing, underscoring the group’s evolving tradecraft and focus on Latin American public sector targets.
U.S. DOJ Charges 54 in ATM Jackpotting Scheme Using Ploutus Malware
The U.S. Department of Justice unsealed indictments against 54 individuals linked to a multimillion-dollar ATM jackpotting conspiracy that deployed Ploutus malware to force cash machines across the country to dispense money on command. Prosecutors allege the suspects are tied to the Tren de Aragua gang, with over 1,500 incidents and roughly 40 million dollars in losses since 2021, and some defendants face potential sentences of up to hundreds of years in prison if convicted.