New sandbox escape flaw exposes n8n instances to RCE attacks

Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host.

Identified as CVE-2026-1470 and CVE-2026-0863, the vulnerabilities were discovered and reported by researchers at DevSecOps company JFrog.

Despite requiring authentication, CVE-2026-1470 received a critical severity score of 9.9 out of 10. JFrog explained that the critical rating was due to arbitrary code execution occurring in n8n’s main node, which allows complete control over the n8n instance.

Radiowaves enable energy-efficient AI on edge devices without heavy hardware

As drones survey forests, robots navigate warehouses and sensors monitor city streets, more of the world’s decision-making is occurring autonomously on the edge—on the small devices that gather information at the ends of much larger networks.

But making that shift to edge computing is harder than it seems. Although artificial intelligence (AI) models continue to grow larger and smarter, the hardware inside these devices remains tiny.

Engineers typically have two options, neither of which is ideal. Storing an entire AI model on the device requires significant memory, data movement and computing power that drains batteries. Offloading the model to the cloud avoids those hardware constraints, but the back-and-forth introduces lag, burns energy and presents security risks.

Microsoft patches actively exploited Office zero-day vulnerability

Microsoft has released emergency out-of-band security updates to patch a high-severity Microsoft Office zero-day vulnerability exploited in attacks.

The security feature bypass vulnerability, tracked as CVE-2026-21509, affects multiple Office versions, including Microsoft Office 2016, Microsoft Office 2019, Microsoft Office LTSC 2021, Microsoft Office LTSC 2024, and Microsoft 365 Apps for Enterprise (the company’s cloud-based subscription service).

However, as noted in today’s advisory, security updates for Microsoft Office 2016 and 2019 are not yet available and will be released as soon as possible.

6 Okta security settings you might have overlooked

What worked six months ago may no longer be sufficient to protect against today’s threats.

This article outlines six fundamental Okta security best practices that form the backbone of a resilient identity security program.

Beyond implementing these settings, continuous security posture monitoring for Okta (and the rest of your SaaS ecosystem) with a tool like Nudge Security can help you stay ahead of emerging threats and maintain a robust security posture as your environment grows and changes.

Hackers can bypass npm’s Shai-Hulud defenses via Git dependencies

The defense mechanisms that NPM introduced after the ‘Shai-Hulud’ supply-chain attacks have weaknesses that allow threat actors to bypass them via Git dependencies.

Collectively called PackageGate, the vulnerabilities were discovered in multiple utilities in the JavaScript ecosystem that allow managing dependencies, like pnpm, vlt, Bun, and NPM.

Researchers at endpoint and supply-chain security company Koi discovered the issues and reported them to the vendors. They say that the problems were addressed in all tools except for NPM, which closed the report stating that the behavior “works as expected.”

Scientists Uncover Hidden Weakness in Quantum Encryption

Quantum key distribution (QKD) is a next-generation method for protecting digital communications by drawing on the fundamental behavior of quantum particles. Instead of relying on mathematical complexity alone, QKD allows two users to establish a shared secret key in a way that is inherently resistant to interception, even if the communication channel itself is not private.

When an unauthorized observer attempts to extract information, the quantum states carrying the data are unavoidably altered, creating telltale disturbances that signal a potential security breach.

The real-world performance of QKD systems, however, depends on precise control of the physical link between sender and receiver. One of the most influential factors is pointing error, which occurs when the transmitted beam does not perfectly align with the receiving device.
