Critical RCE Vulnerability in n8n Affects Self-Hosted and Cloud Instances (CVE-2026-21877)

Wednesday, January 7, 2026

Top 5 Cybersecurity Stories You Should Know

  1. Critical RCE Vulnerability in n8n Affects Self-Hosted and Cloud Instances (CVE-2026-21877)
    tl;dr: n8n, an open-source workflow automation platform, has reported a critical security vulnerability (CVE-2026-21877) rated 10.0 on the CVSS scale that allows authenticated remote code execution (RCE). The flaw affects both self-hosted and n8n Cloud instances running versions >= 0.123.0 and < 1.121.3. Users are advised to upgrade to version 1.121.3 or later to mitigate the risk of full instance compromise. The vulnerability was discovered by security researcher Théo Lelasseux, and it highlights the importance of timely updates in cloud security.
    https://thehackernews.com/

  2. Cyber Hygiene Strategies to Mitigate Ransomware Risks in 2026
    tl;dr: As ransomware and phishing attacks continue to rise, cybersecurity experts emphasize the importance of consistent cyber hygiene practices in 2026. Key strategies include regular employee training, particularly quarterly sessions, and ensuring cloud platforms like Office 365 are properly configured and secured. Organizations must also prioritize backup testing to confirm data recovery processes are effective. By adopting a security-first mindset and continuously assessing their cyber posture, businesses can significantly reduce their risk of falling victim to cyber threats, ultimately protecting sensitive data and maintaining operational integrity.
    https://rbj.net/2026/01/07/2026-cyber-hygiene-ransomware-phishing-risk/

  3. Zestix Threat Actor Linked to Multiple Major Data Breaches
    tl;dr: A single threat actor known as Zestix, also linked to the alias Sentap, has been identified as the source of numerous significant data breaches across various sectors, including aerospace and healthcare. Operating since 2021, Zestix employs stolen credentials from information stealers like RedLine and Lumma to infiltrate organizations, exploiting a lack of multi-factor authentication. Victims include Iberia and several engineering firms, with compromised data being sold on Russian-language forums. Organizations are urged to implement robust security measures, including MFA, to safeguard against credential theft and subsequent breaches.
    https://www.securityweek.com/dozens-of-major-data-breaches-linked-to-single-threat-actor/

  4. Ransomware Attacks Surge in NC: Expert Tips for Protection
    tl;dr: Ransomware attacks in North Carolina have surged nearly 50% year-over-year, prompting cybersecurity experts to issue warnings. Deiker Lozano, a Senior Cybersecurity Engineer, highlights the importance of recognizing red flags, such as urgent emails from unknown senders. To safeguard against these threats, he recommends implementing multi-factor authentication, keeping software updated, and maintaining vigilance about the prevalence of ransomware. Individuals and organizations alike are potential targets, making awareness and preparedness crucial to preventing attacks.
    https://www.wral.com/news/investigates/ransomware-cybersecurity-email-tips-january-2026/

  5. Google CVE-2026-0628: High-Severity WebView Vulnerability Poses Major Risk
    tl;dr: Google has released Chrome versions 143.0.7499.192 and 143.0.7499.193 to address CVE-2026-0628, a high-severity vulnerability in WebView that allows attackers to bypass security policies and execute unauthorized actions. This flaw affects millions of users across Chrome and Android applications, potentially compromising user data and system security. Security experts advise users to immediately update their browsers by navigating to Settings > About Chrome to prevent exploitation. The incident underscores the necessity of maintaining up-to-date software to mitigate risks associated with vulnerabilities in critical web rendering components.
    https://cyberpress.org/google-high-severity-webview-vulnerability/

