RadioCSIRT English Edition – Your Cybersecurity News for Tuesday, January 6, 2026 (Ep. 65)

About this audio

We open this episode with a critical vulnerability in n8n reported by Security Online. CVE-2025-68668, with a CVSS score of 9.9, allows an authenticated user to escape the Python sandbox of the automation platform to execute arbitrary system commands, turning the Code Node into a vector for complete host system compromise.

CVEfeed.io reports an uncontrolled DLL loading flaw in AsusSoftwareManagerAgent. CVE-2025-12793, rated 8.5 in CVSS 4.0, exploits an untrusted search path allowing a local attacker to execute arbitrary code through DLL Namespace manipulation.

Clubic covers the disappearance of Anna's Archive's primary domain. The registry placed annas-archive.org under serverHold status two weeks after the site uploaded 300 terabytes of Spotify data, suggesting legal action by the Public Interest Registry following OCLC's lawsuit for extracting 2.2 terabytes of WorldCat data.

Phoronix reports a critical situation for the Debian project: the three delegated members of the Data Protection Team resigned simultaneously, leaving the project without an active team to manage GDPR obligations. Project leader Andreas Tille now handles this role ad hoc while awaiting new volunteers.

Finally, CERT-FR issued advisory CERTFR-2026-AVI-0004 concerning CVE-2025-13699 affecting multiple MariaDB branches. The vendor has not specified the exact nature of the security issue but recommends updating to versions 10.11.15, 10.6.24, 11.4.9, or 11.8.4.

Sources:

  • Security Online – n8n CVE-2025-68668: https://securityonline.info/n8n-sandbox-escape-how-cve-2025-68668-turns-workflows-into-weapons/
  • CVEfeed.io – CVE-2025-12793 ASUS: https://cvefeed.io/vuln/detail/CVE-2025-12793
  • Clubic – Anna's Archive domain: https://www.clubic.com/actualite-593797-le-site-qui-avait-pirate-spotify-perd-son-nom-de-domaine.html
  • Phoronix – Debian Data Protection Team: https://www.phoronix.com/news/No-Debian-Data-Protection-Team
  • CERT-FR – MariaDB Vulnerability: https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0004/

Don’t think, patch!

Your feedback is welcome.
Email: radiocsirt@gmail.com
Website: https://www.radiocsirt.com
Weekly Newsletter: https://radiocsirtenglishedition.substack.com/
