Two critical-severity n8n vulnerabilities could have led to unauthenticated remote code execution, sandbox escape, and credential theft.

Hidden instructions in content can subtly bias AI, and our scenario shows how prompt injection works, highlighting the need for oversight and a structured response playbook.

A vulnerability in the Ally WordPress plugin exposes over 200,000 websites to sensitive information disclosure via SQL queries.

Researchers at Endor Labs uncovered 88 new packages tied to new waves of the campaign, which uses remote dynamic dependencies to deliver credential-stealing malware.