Posts

Showing posts with the label unicode

n8n – CVE-2025-68613: Critical RCE Vulnerability

-
Image
    A critical vulnerability ( CVE-2025-68613 ) has been identified in n8n , the popular workflow automation tool. The flaw lies in the expression evaluation system, where user-supplied expressions can escape the sandbox and access Node.js internals. This leads to arbitrary code execution with a CVSS score of 9.9 (Critical) .      n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime. An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance,...
Post a Comment
Read more

Sometime slash might be Unicode Hiragana

-
Image
Cybercriminals Exploit Unicode Trick to Mimic Booking.com in Phishing Scam Threat actors have launched a new phishing campaign targeting Booking.com users , leveraging Unicode characters to disguise malicious links as legitimate ones. This attack shows how easily scammers can trick people with subtle visual deceptions. How the Attack Works The campaign uses the Japanese hiragana character “ん” (Unicode U+3093) inside phishing URLs. On some systems and fonts, this symbol looks like a forward slash (/) or part of a subdirectory, making the fake URL appear genuine. For example, a phishing email may display the link (appears safe but is deceptive): https://admin.booking.com/hotel/hoteladmin/... But the actual malicious hyperlink is different (neutralized below for safety): https://account.booking.comんdetailんrestric-access.www-account-booking[.]com/en/ At first glance, it looks like a real Booking.com page. In reality, the true registered domain is “www-account-booking[.]co...
Post a Comment
Read more