Security news.
Today's security brief highlights a critical, actively exploited RCE vulnerability in the n8n workflow automation platform, prompting a CISA alert. Additionally, a major medical technology company, Stryker, has been impacted by an Iran-linked wiper malware attack, causing significant disruption. Developers should also be aware of a new wave of supply-chain attacks targeting the npm registry.
CISA Flags Actively Exploited n8n RCE Bug
CISA has added a critical remote code execution flaw, CVE-2025-68613, in the n8n workflow automation platform to its Known Exploited Vulnerabilities catalog, with approximately 24,700 instances still exposed.
Medtech Giant Stryker Offline After Iran-linked Wiper Malware Attack
Leading medical technology company Stryker has been hit by a wiper malware attack claimed by Handala, an Iranian-linked hacktivist group, causing significant operational disruption.
SQLi Flaw in Elementor Ally Plugin Impacts 250k+ WordPress Sites
An SQL injection vulnerability in Elementor's Ally WordPress plugin, with over 400,000 installations, could allow unauthenticated attackers to steal sensitive data.
New PhantomRaven NPM Attack Wave Steals Dev Data via 88 Packages
The 'PhantomRaven' supply-chain campaign has launched new attacks on the npm registry, deploying dozens of malicious packages designed to exfiltrate sensitive data from JavaScript developers.
Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam
Researchers demonstrated that agentic AI browsers, like Perplexity's Comet, can be tricked into falling for phishing and scam traps by exploiting their reasoning capabilities.
Microsoft Patch Tuesday, March 2026 Edition
Microsoft released security updates addressing 77 vulnerabilities in Windows and other software, with no zero-day flaws reported this month.
238,000 Impacted by Bell Ambulance Data Breach
A data breach at Bell Ambulance resulted in hackers stealing personal information, including names, Social Security numbers, and driver’s license numbers, affecting 238,000 individuals.
Meta Disables 150K Accounts Linked to Southeast Asia Scam Centers
Meta disabled over 150,000 accounts associated with scam centers in Southeast Asia as part of a global crackdown, leading to 21 arrests by Thai police.