Latest news as of 2/13/2026, 4:59:57 AM
The Hacker News
A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), is the result of inadequate sanitization that bypasses safeguards put in place to address CVE-2025-68613 (CVSS score: 9.9), another critical defect that
Krebs on Security
A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators… Read More »
Have I Been Pwned
In January 2026, . As part of the incident, Betterment customers received fraudulent crypto-related messages promising high returns if funds were sent to an attacker-controlled cryptocurrency wallet. The breach exposed 1.4M unique email addresses, along with names and geographic location data. A subset of records also included dates of birth, phone numbers, and physical addresses. In , Betterment stated that the incident did not provide attackers with access to customer accounts and did not expose passwords or other login credentials. the automated investment platform Betterment confirmed it had suffered a data breach attributed to a social engineering attack its disclosure notice
Dark Reading
Investors poured $140 million into Torq's Series D Round, raising the startup's valuation to $1.2 billion, to bring AI-based "hyper automation" to SOCs.
Dark Reading
Following their attacks on Salesforce instances last year, members of the cybercrime group have broadened their targeting and gotten more aggressive with extortion tactics.
Dark Reading
State-sponsored threat actors compromised the popular code editor's hosting provider to redirect targeted users to malicious downloads.
Dark Reading
Iowa police arrested two penetration testers in 2019 for doing their jobs, highlighting the risk to security professionals in red teaming exercises.
Dark Reading
A malware-free phishing campaign targets corporate inboxes and asks employees to view "request orders," ultimately leading to Dropbox credential theft.
Dark Reading
People trust organizations to do the right thing, but some websites and apps have user interfaces that ultimately lead to inadequate security.
Dark Reading
The AI-assisted attack, which started with exposed credentials from public S3 buckets, rapidly achieved administrative privilges.