#cve | Qezir

Ni8mare: n8n's CVSS 10.0 That Hands Over Your Entire Automation Stack

CVE-2026-21858 lets unauthenticated attackers take full control of n8n instances. 100K servers exposed, PoC is public, and your secrets are in the blast radius.

cve rce automation +1

Feb 1, 2026 · 5 min read

HIGH

WinRAR's Six-Month-Old Bug Is a Favorite of Russian APTs, Chinese Espionage, and Brazilian Banking Trojans

CVE-2025-8088 is a path traversal flaw in WinRAR patched last July. Six months later, Sandworm, Turla, Gamaredon, RomCom, and financially motivated groups are still using it.

cve exploitation apt +2

Feb 1, 2026 · 7 min read

Jan 29, 2026 · 5 min read

HIGH

Microsoft Office Zero-Day Gets Emergency Patch - CVE-2026-21509

Microsoft drops out-of-band patch for actively exploited Office vulnerability that bypasses OLE security controls. Here's what you need to know.

microsoft office cve +2

Jan 29, 2026 · 6 min read

React2Shell: The CVSS 10.0 That Hit 85,000 Servers

CVE-2025-55182 turned React Server Components into a one-request RCE. Nation-states and criminals moved within hours.

cve rce supply-chain +2

Jan 15, 2026 · 5 min read

The Citrix NetScaler Situation Just Got Worse

Mass exploitation of CVE-2024-8534 is ongoing. Notes from helping clients figure out if they're compromised.

citrix netscaler cve +2

Breach

palo-alto apt firewall +2

Operation MidnightEclipse: When Your Firewall Becomes the Attacker's Foothold

Tracking a campaign that compromised hundreds of Palo Alto devices through CVE-2024-3400. This one got ugly fast.

Jun 3, 2025 · 5 min read

fortinet cve authentication-bypass +1

FortiGate Auth Bypass: We're Doing This Again

CVE-2024-55591 joins the long list of Fortinet vulnerabilities being mass-exploited. Notes from triaging this with clients.

Jan 24, 2025 · 6 min read

Jan 22, 2025 · 4 min read

Ivanti Connect Secure Under Mass Exploitation - What We Know So Far

Critical authentication bypass vulnerabilities in Ivanti's VPN appliances are being actively exploited. Here's the timeline, technical details, and what you should do right now.

ivanti vpn cve +2