Sophos tops G2 Fall 2025 Reports: #1 Overall in MDR and Firewall

A new critical security vulnerability has been disclosed in n8n, an open-source workflow automation platform, that could enable an authenticated attacker to execute arbitrary system commands on the underlying host. The vulnerability, tracked as CVE-2025-68668, is rated 9.9 on the CVSS scoring system. It has been described as a case of a protection mechanism failure….

Kaspersky has disclosed the details of over a dozen vulnerabilities discovered in a Mercedes-Benz MBUX infotainment system.  The post Details Disclosed for Mercedes-Benz Infotainment Vulnerabilities appeared first on SecurityWeek.

A new investigation has unearthed nearly 200 unique command-and-control (C2) domains associated with a malware called Raspberry Robin. “Raspberry Robin (also known as Roshtyak or Storm-0856) is a complex and evolving threat actor that provides initial access broker (IAB) services to numerous criminal groups, many of which have connections to Russia,” Silent Push said in…

Apparently malicious NPM packages linked to Snyk raised some concerns, but the security firm clarified that it’s part of a research project. The post Snyk Says ‘Malicious’ NPM Packages Part of Research Project appeared first on SecurityWeek.

Brazilian users have emerged as the target of a new self-propagating malware that spreads via the popular messaging app WhatsApp. The campaign, codenamed SORVEPOTEL by Trend Micro, weaponizes the trust with the platform to extend its reach across Windows systems, adding the attack is “engineered for speed and propagation” rather than data theft or ransomware….

HHS OCR has settled another enforcement action involving the HIPAA Security Rule. From their press release yesterday, it sounds like an insider wrongdoing case. In its formal resolution agreement, the government states that on October 23, 2018, OCR received a complaint alleging that on October 8, 2018, an unknown third party accessed her printed and…