The Hacker News

Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows

Critical n8n v CVE-2026-25049 allows authenticated workflow abuse to execute system commands and expose server data.
Dark Reading

Google Looker Bugs Allow Cross-Tenant RCE, Data Exfil

Attackers could even have used one vulnerable Lookout user to gain access to other Google Cloud tenants' environments.
Infosecurity Magazine

SQL Injection Flaw Affects 40,000 WordPress Sites

More than 40,000 WordPress sites using the Quiz and Survey Master plugin have been affected by a SQL injection vulnerability that allowed authenticated users to interfere with database queries.

How Financial Institutions Reduce Database Risk Without Slowing Digital Delivery

In financial services, database risk extends beyond IT. It affects delivery, operational resilience, and governance at the ...
The Guardian

Google AI Overviews cite YouTube more than any medical site for health queries, study suggests

Exclusive: German research into responses to health queries raises fresh questions about summaries seen by 2bn people a month How the ‘confident authority’ of AI Overviews is putting public health at ...
Engadget

Meta cuts deals with several news publishers for AI use

Meta has cut several deals with news publishers to help provide real-time data for its AI chatbot services, as reported by Axios. The commercial agreements will allow its Meta AI chatbots to better ...
san

VA creating database of ‘non-citizen’ employees, leaked memo says

The Department of Veterans Affairs is creating an urgent and extensive internal database of non-U.S. citizens employed by the department, according to documents leaked to The Guardian. The publication ...
NPR

DIY Disney? The company is exploring AI so fans can make content from Disney stories

Fans tired of waiting for the next Frozen sequel or the next chapter in the Star Wars saga may soon have new ways to engage with those worlds — by creating their own content using Disney's IP. That ...