
  • Critical n8n Flaw (CVSS 9.9) Enables Arbitrary Code Execution Across Thousands of Instances


    Dec 23, 2025 | Ravie Lakshmanan | Vulnerability / Workflow Automation

    A critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in arbitrary code execution under certain circumstances.

    The vulnerability, tracked as CVE-2025-68613, carries a CVSS score of 9.9 out of a maximum of 10.0. The package has about 57,000 weekly downloads, according to statistics on npm.

    “Under certain conditions, expressions supplied by authenticated users during workflow configuration may be evaluated in an execution context that is not sufficiently isolated from the underlying runtime,” the maintainers of the npm package said.

    “An authenticated attacker could abuse this behavior to execute arbitrary code with the privileges of the n8n process. Successful exploitation may lead to full compromise of the affected instance, including unauthorized access to sensitive data, modification of workflows, and execution of system-level operations.”

    The issue, which affects all versions from 0.211.0 up to, but not including, 1.120.4, has been patched in 1.120.4, 1.121.1, and 1.122.0. Per the attack surface management platform Censys, there are 103,476 potentially vulnerable instances as of December 22, 2025. A majority of the instances are located in the U.S., Germany, France, Brazil, and Singapore.

    In light of the criticality of the flaw, users are advised to apply the updates as soon as possible. If immediate patching is not an option, it’s advised to limit workflow creation and editing permissions to trusted users and deploy n8n in a hardened environment with restricted operating system privileges and network access to mitigate the risk.
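
    The version ranges quoted above, turned into a triage check for an inventory of n8n deployments. This is an added example, not code from n8n or the original article; the `classify` and `triage` names, the `verify` status for a release such as 1.121.0 (outside the stated affected range but below the fix named for its release line), and the inventory hosts are assumptions constructed for illustration.

```javascript
// Ranges below are taken from the article text for CVE-2025-68613.
const AFFECTED_FROM = [0, 211, 0];   // first affected version (inclusive)
const AFFECTED_BELOW = [1, 120, 4];  // stated upper bound (exclusive)
const FIXED = [[1, 120, 4], [1, 121, 1], [1, 122, 0]]; // patched releases named in the article

// Accepts "1.120.3" or "v1.120.3"; tags, pre-releases and "latest" are rejected.
function parseVersion(text) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(text).trim());
  return m ? m.slice(1).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function classify(text) {
  const v = parseVersion(text);
  if (!v) return "unparseable"; // cannot be triaged from the string alone
  if (compare(v, AFFECTED_FROM) < 0) return "not-affected";
  if (compare(v, AFFECTED_BELOW) < 0) return "affected";
  // At or above 1.120.4: patched when on or past the newest named fix,
  // or on or past the fix named for the same major.minor release line.
  if (compare(v, FIXED[FIXED.length - 1]) >= 0) return "patched";
  const lineFix = FIXED.find((f) => f[0] === v[0] && f[1] === v[1]);
  if (lineFix && compare(v, lineFix) >= 0) return "patched";
  return "verify"; // assumption: treat as needing confirmation against the vendor advisory
}

// Returns only the entries that need action or manual confirmation.
function triage(inventory) {
  return inventory
    .map(({ host, version }) => ({ host, version, status: classify(version) }))
    .filter((r) => r.status !== "patched" && r.status !== "not-affected");
}

// Constructed sample inventory (hypothetical hosts and versions).
const SAMPLE_INVENTORY = [
  { host: "n8n-prod.example.internal", version: "1.119.2" },
  { host: "n8n-stage.example.internal", version: "1.121.0" },
  { host: "n8n-dev.example.internal", version: "1.122.0" },
  { host: "n8n-legacy.example.internal", version: "0.210.2" },
  { host: "n8n-lab.example.internal", version: "latest" },
];

console.log(triage(SAMPLE_INVENTORY));
```

    An image tag such as `latest` is reported as `unparseable` on purpose: resolve it to the running version before deciding whether the instance is patched.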




  • Injured officer Jack Hibbert released from hospital


    Image: Constable Jack Hibbert, dressed in a white T-shirt, looking down at a dog and sitting in a restaurant (PA Media)

    Jack Hibbert had been working as a police officer for just months before he was shot

    A young police officer who was shot in the head during the Bondi Beach attack has been released from hospital.

    Probationary Constable Jack Hibbert – who is just four months into the job – was patrolling a Hanukkah event when two gunmen opened fire, injuring over 40 people and killing 15.

    The 22-year-old, who was also hit in the shoulder, has lost vision in one of his eyes but is now recovering at home, his family confirmed in a statement.

    “As a family, we couldn’t ask for anything more – having our Jack home, especially for Christmas, truly feels like a miracle.”

    They thanked the public for their “overwhelming support” and praised medical staff for their “exceptional” care and dedication.

    “While he is home, he is still recovering and will need space, support, and continued positive thoughts during this time,” the statement added.

    Even after he was shot during the attack, Constable Hibbert continued to help festival attendees until he physically couldn’t, his family previously said.

    “Many of his colleagues who were present on the night of the incident have visited in hospital and given testaments to Jack’s bravery during the incident… They described how Jack acted, he moved toward people in need, not away from danger,” they said.

    He was one of two police officers injured in the shooting, with the second officer Constable Scott Dyson, 25, still recovering from his injuries in hospital, according to the last police update.

    Last week, NSW Police Commissioner Mal Lanyon visited Constable Hibbert in hospital, praising him as a “positive young man”.

    Lanyon added that the force would rally around Constable Hibbert and find “appropriate duties for him” after his recovery.

    Police have alleged the suspected gunmen were inspired by Islamic State ideology and targeted the Jewish festival in what has been declared a terror attack.

    Naveed Akram, 24, has been charged with 59 offences, including 15 counts of murder and one of terror. A second gunman – his father, Sajid Akram – was shot dead by police at the scene.

    On Monday, new court documents alleged the pair “meticulously” planned the attack for months, and two days prior to the shooting, visited Bondi for reconnaissance.




  • Screams for help and panic as tourists rescued from fatal sinking


    It was supposed to be just another Thursday in Laos, where Anthonin’s father was born.

    Instead, the 30-year-old French citizen found himself among more than 140 people, mostly tourists, on a ferry that capsized in the Mekong River. All but three are thought to have made it to safety.

    Videos online show a scene of chaos – people screaming for help, children crying and passengers scrambling to get their belongings.

    Anthonin, who declined to give his full name, recalls seeing a mother and her two children on board the ferry – but they were nowhere to be seen on the rescue boat.

    On Monday, Lao media reported that the body of a woman, named Pany Her, had been retrieved from the river. Rescuers then found the body of a one-year-old, who they believe was one of her children. Efforts to find a second child are continuing.

    The boat was making its way last Thursday from the riverside town of Huay Xay to the historic city of Luang Prabang in northern Laos, a common route along the Mekong – and popular with visitors to the country.

    There were 118 tourists and 29 locals, including four crew, on board the boat when it struck underwater rocks, according to an official report carried by the Laotian Times.

    Within minutes, the ferry began to sink.

    “The [crew] were just totally unprepared for that. There was a lot of confusion… it happened really, really fast,” Anthonin said.

    “What was, you know, puzzling and alarming is that there were very few life jackets, around like, 15 life jackets maximum… [it] was really bad.”

    As the boat continued to capsize, passengers shouted to a passing boat for help, but it did not stop – possibly because, according to him, it was relatively small.

    The second one, however, did stop and take them in. However, according to British tourist Bradley Cook, another passenger on board, that briefly “made it worse”.

    The 27-year-old told the BBC that as the rescue boat came closer to their ferry, people started to shift and put weight on one side of the ferry, causing water to fill up the hull even quicker.

    Mr Cook went to the other side to climb up on the roof, from where he jumped onto the rescue ferry.

    Some people managed to climb over to the ferry, while others swam for it, hung onto the rails and got pulled up by others. Both Anthonin and Mr Cook were among those rescued.

    But others were less fortunate.

    Anthonin says he was helping some other passengers retrieve their luggage at the back of the sinking ferry when he saw a Lao mother and her two children.

    However, when he was on the rescue ferry, he realised they weren’t there.

    “Some people were crying, panicking. It was a mess,” he said. “[But] I didn’t fear for my life… I was more affected by the three missing people.”

    Lao media later reported that the body of the Lao woman Pany Her and a one-year-old child were found, separately, near Luang Prabang.

    Another passenger, Gabrielius Baranovičius, 19, told the BBC that he and his friend, both of whom are from Lithuania, did not panic at first.

    “We were just joking around,” Mr Baranovičius said, adding that his attitude quickly changed when he realised they were sinking.

    After getting on the rescue boat, Mr Baranovičius said he started filming what was happening on board “but then I heard other people screaming so [I] turned off the camera and went straight to help other people in the water get on the boat.”

    Tens of thousands of tourists use slow boat and speedboat services every year along the 300km (185-mile) route connecting Huay Xay, Pak Beng and Luang Prabang, according to the Mekong River Commission.

    For Mr Cook, the experience was “terrifying” and it made him want to get out of Luang Prabang, “although everyone’s really friendly here”, because it was a constant reminder of his narrow escape.

    Speaking to the BBC from Vang Vieng, a town in northern Laos, Mr Cook said he planned to file for insurance claims for his electrical items that were broken and for cash that was lost, though he was not sure who would be held responsible.

    “I’m assuming it’s just a freak accident,” he said, though he added he “was not sure how avoidable” the ferry capsizing was.

    It’s not the first time such a sinking has occurred in Laos.

    In September 2023, a passenger boat, which travelled on the same river corridor between Huay Xai and Luang Prabang, capsized in the Mekong in Pakbeng district, resulting in three deaths.

    The boat reportedly became entangled in a fishing net, causing loss of control and the vessel overturning in strong currents.


