Ivanti has patched CVE-2026-1281 and CVE-2026-1340, two Endpoint Manager Mobile (EPMM) flaws exploited as zero-days.

Too slow react-ion time Baddies are exploiting a critical bug in React Native's Metro development server to deliver malware ...

ESET researchers discover an Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation.

Two vulnerabilities in n8n’s sandbox mechanism could be exploited for remote code execution (RCE) on the host system.

A JavaScript sandbox bug rated CVSS 9.9 enables attackers to bypass AST‑based protections, while a Python execution bypass ...

Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host.

Straight to the End of the Line.

Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native to deliver malicious payloads for Windows and Linux.

This week’s cybersecurity recap highlights key attacks, zero-days, and patches to keep you informed and secure.

The alerts highlight security flaws in Apple’s productivity apps and Google’s Chrome browser for desktop computers.