open source

Critical N8n Flaws Disclosed Along With Public Exploits

Critical vulnerabilities in the n8n workflow automation platform (CVE-2026-25049) allow any authenticated user to execute remote code, potentially gaining full control over the server. Discovered by multiple cybersecurity firms, these issues stem from inadequate sandboxing, enabling attackers to access sensitive data and configurations. Users are advised to update to versions 1.123.17 and 2.5.2, rotate encryption keys, and scrutinize workflows for suspicious activity, as no exploits have been reported yet.

https://www.bleepingcomputer.com/news/security/critical-n8n-flaws-disclosed-along-with-public-exploits/

Malicious PyPI Packages Spellcheckpy and Spellcheckerpy Deliver Python RAT

Malicious PyPI packages spellcheckpy and spellcheckerpy impersonated the legitimate pyspellchecker, embedding a base64-encoded payload that executes a Python Remote Access Trojan (RAT) when imported. Initially dormant, the payload would extract and execute upon the new version's trigger. This RAT, with dual-layer XOR encryption, facilitates remote control, evading detection, and employs a command and control server historically linked to malicious activity. Connections to earlier similar attacks suggest a recurring threat actor.

https://www.aikido.dev/blog/malicious-pypi-packages-spellcheckpy-and-spellcheckerpy-deliver-python-rat

PackageGate: 6 Zero-Days in JS Package Managers But NPM Won’t Act

Koi identifies six zero-day vulnerabilities in JavaScript package managers (npm, pnpm, vlt, and Bun) regarding defenses against the Shai-Hulud attack. While npm declined to address vulnerabilities, pnpm, vlt, and Bun acted swiftly. These flaws allow attackers to bypass script execution prevention and lockfile integrity checks, undermining the security claims of the tools. Koi stresses that the ecosystem requires better security and urges organizations to be vigilant, use lockfiles, disable scripts, and consider using more secure package managers.

https://www.koi.ai/blog/packagegate-6-zero-days-in-js-package-managers-but-npm-wont-act

Remote Code Execution With Modern AI/ML Formats and Libraries

Three open-source AI/ML Python libraries by Apple, Salesforce, and NVIDIA have vulnerabilities allowing remote code execution (RCE) via malicious metadata in models. Specifically:

  1. NeMo – NVIDIA's PyTorch framework for diverse AI/ML model development
  2. Uni2TS – Salesforce's library for time series analysis
  3. FlexTok – Apple's framework for image processing

The vulnerabilities leverages hydra.utils.instantiate() to execute arbitrary code embedded in model metadata. None have been exploited in the wild as of December 2025. Fixes were issued swiftly by the vendors, with severity ratings classified as High. Modifications in their libraries have improved security against these issues, emphasizing the importance of ongoing vigilance in AI/ML model handling.

https://unit42.paloaltonetworks.com/rce-vulnerabilities-in-ai-python-libraries/

Scroll to Top