News

A big finish to 2025 in December’s Patch Tuesday

Bys s January 14, 2026

A month with no Critical-severity Windows bugs is overshadowed by a mass of Mariner mop-up

Categories: X-ops

Tags: threat research, featured, Microsoft, Patch Tuesday, zero days

News

PowerSchool Incident: A few resources for teachers, parents, and former students
Bys s January 10, 2025

DataBreaches is trying to keep up with updates from PowerSchool, but from the outset, DataBreaches has recommended districts, parents, and teachers assume the worst — i.e., assume that all of the data really weren’t deleted permanently. On the premise of better safe than sorry, and reminding people that PowerSchool’s attorney is not YOUR attorney, here…

Read More PowerSchool Incident: A few resources for teachers, parents, and former students
News

Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution
Bys s January 28, 2026

Cybersecurity researchers have disclosed two new security flaws in the n8n workflow automation platform, including a crucial vulnerability that could result in remote code execution. The weaknesses, discovered by the JFrog Security Research team, are listed below – CVE-2026-1470 (CVSS score: 9.9) – An eval injection vulnerability that could allow an authenticated user to bypass…

Read More Two High-Severity n8n Flaws Allow Authenticated Remote Code Execution
News

Data Breach Class Action Dismissed After ‘Alter Ego’ Doctrine Fails
Bys s February 28, 2025

Colleen Murphy reports that a potential class action lawsuit that relied on a legal strategy called the “alter ego doctrine” has been dismissed. Since DataBreaches is not a lawyer and has never heard of this doctrine before, Murphy’s coverage makes for an interesting read. She reports: A group of optical companies secured the dismissal of…

Read More Data Breach Class Action Dismissed After ‘Alter Ego’ Doctrine Fails
News

Hacker who breached communications app used by Trump aide stole data from across US government
Bys s May 21, 2025

A.J. Vicens and Raphael Satter report: A hacker who breached the communications service used by former Trump national security adviser Mike Waltz earlier this month intercepted messages from a broader swathe of American officials than has previously been reported, according to a Reuters review, potentially raising the stakes of a breach that has already drawn…

Read More Hacker who breached communications app used by Trump aide stole data from across US government
News

Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability
Bys s January 29, 2025

Cybersecurity researchers are warning that a critical zero-day vulnerability impacting Zyxel CPE Series devices is seeing active exploitation attempts in the wild. “Attackers can leverage this vulnerability to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration,” GreyNoise researcher Glenn Thorpe said in an alert

Read More Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability
News

Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT
Bys s May 8, 2025

Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system. The vulnerability, tracked as CVE-2025-20188, has been rated 10.0 on the CVSS scoring system. “This vulnerability is due to the presence of a…

Read More Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT

Similar Posts