Multiple critical flaws in the n8n open-source workflow platform allow authenticated users to execute arbitrary code on the server. Despite a fix being released, researchers found a bypass that could lead to complete control over n8n instances, exposing sensitive data and connected accounts. Users are urged to update to the latest version and review their workflows for security.

This article outlines a series of ten hands-on labs focused on Model Context Protocol (MCP) vulnerabilities, each based on real-world exploits. It provides both vulnerable and secure implementations, allowing users to reproduce attacks and understand mitigation strategies in a practical setting. Comprehensive instructions and proof captures accompany each challenge.

The first day of Pwn2Own Automotive 2026 featured 30 entries targeting various automotive systems, resulting in $516,500 awarded for 37 unique 0-days. Notable successes included Fuzzware.io and Team DDOS, while several teams failed to complete their exploits in time.

Vulnerabilities in a Bluetooth chipset used in 29 audio devices from various vendors can be exploited for eavesdropping and information theft. Researchers disclosed three flaws that allow attackers to hijack connections, initiate calls, and potentially access call history and contacts, although attacks require technical expertise and close physical proximity. Device manufacturers are working on patches, but many affected devices have not yet received updates.

Qualcomm has issued security patches for three zero-day vulnerabilities in the Adreno GPU driver, which are being actively exploited in targeted attacks. The vulnerabilities include two critical flaws related to memory corruption and a high-severity use-after-free issue, with updates provided to OEMs to address these risks. Additionally, Qualcomm has addressed other security flaws in its systems that could allow unauthorized access to sensitive user information.

The article discusses the vulnerabilities associated with cross-site WebSocket hijacking and the potential exploits that could arise in 2025. It highlights the risks of unauthorized access and the importance of implementing security measures to mitigate these threats in web applications.

The Model Context Protocol (MCP) is an emerging standard for connecting large language models to external tools, but it presents significant security vulnerabilities such as prompt injection and orchestration exploits. These vulnerabilities can lead to data exfiltration and system compromise, highlighting the need for robust security precautions and detection methods. The article discusses various attack techniques and provides examples of potential exploits along with recommended defenses.