Posts

Showing posts with the label hacking

n8n – CVE-2025-68613: Critical RCE Vulnerability

-
Image
    A critical vulnerability ( CVE-2025-68613 ) has been identified in n8n , the popular workflow automation tool. The flaw lies in the expression evaluation system, where user-supplied expressions can escape the sandbox and access Node.js internals. This leads to arbitrary code execution with a CVSS score of 9.9 (Critical) .      n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance,...
Post a Comment
Read more

Oops, No Victims: The Largest Supply Chain Attack Stole 5 Cents

-
Image
The Biggest NPM Supply Chain Attack What is a Supply Chain Attack? A supply chain attack occurs when attackers target trusted third-party components, such as libraries or registries, instead of attacking users directly. By injecting malicious code at the source, they can spread it to all downstream users. These attacks are dangerous because updates happen automatically in build pipelines, making detection harder. A small modification in a common dependency can silently compromise thousands of projects. Defenses require strong authentication, artifact signing, reproducible builds, and active monitoring of supply chain integrity. Introduction On September 8, 2025, the npm ecosystem faced one of its largest compromises. A maintainer’s account was hijacked, and malicious versions of popular packages were published. Since npm packages are used globally in countless projects, the exposure was immediate and severe. Although the financial damage was limited, the operational dis...
Post a Comment
Location: Kanchipuram, Tamil Nadu 631502, India
Read more