Security Highlights Of The Day [12/03/26]

Critical n8n Vulnerabilities Could Allow Server Takeover
Two critical vulnerabilities in the open-source workflow automation platform n8n could have enabled unauthenticated remote code execution and sandbox escape, potentially exposing all credentials stored in the n8n database. The first flaw, tracked as CVE-2026-27493 with a CVSS score of 9.5, is a second-order expression injection issue affecting Form nodes. Successful exploitation could allow an attacker to inject arbitrary commands and retrieve command output from the server.
Source: SecurityWeek

Iranian MOIS Actors Increasingly Linked With Cybercrime Ecosystem
Researchers report that Iranian state-linked actors associated with the Ministry of Intelligence and Security are increasingly interacting with the cybercrime ecosystem rather than merely impersonating criminal groups. Instead of only using ransomware branding as cover, some operations appear to rely on criminal malware, infrastructure, and affiliate-style models. This shift may expand operational reach while complicating attribution.
Source: Check Point Research

Iran Conflict Drives Increased Espionage Activity in the Middle East
Following U.S. and Israeli strikes on Iran on February 28, 2026, cybersecurity researchers observed heightened cyber activity linked to Iranian-aligned actors. Despite temporary internet disruptions inside Iran, espionage groups such as TA453 continued credential phishing campaigns targeting organizations including a U.S. think tank. The activity indicates ongoing intelligence collection operations during the regional conflict.
Source: Proofpoint

Compromised WordPress Sites Used to Deliver Global Credential-Stealing Malware
Rapid7 researchers identified a widespread campaign in which legitimate WordPress websites were compromised and used to deliver malware through a fake Cloudflare human verification prompt. The campaign deploys a multi-stage infection chain designed to steal credentials and cryptocurrency wallet data from Windows systems, which can later be used for financial fraud or targeted attacks.
Source: Rapid7

Pacific Cybersecurity Agencies Warn of Rising INC Ransom Attacks
Cybersecurity agencies from Australia, New Zealand, and Tonga warned about increasing ransomware activity linked to the INC Ransom group. The advisory highlights the group’s distributed affiliate model, which allows multiple operators to launch attacks using shared tools and infrastructure and makes the group a growing threat to organizations across the Pacific region.
Source: Cyble
