Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CVE-2026-27577 is a code injection flaw in n8n, an open-source workflow automation platform, that lets an authenticated user with permission to create or modify workflows run system commands on the host through crafted workflow expressions. The vulnerability carries a CVSS base score of 9.4 (Critical). Exploitation requires authentication, but only the level of access needed to build or edit a workflow, which is a routine privilege for many users of the platform.

Over the past months, I’ve noticed a shift in customer conversations. Coverage, prioritization, emerging threats — those questions have given way to exposed MCP servers, unmanaged AI chatbots, and risks that don’t show up as CVEs. Mythos comes up in every other call. The calculus changed. AI now writes a quarter of production code, with twice as many vulnerabilities. The exploitation window collapsed from days to hours.

CERT-In just published a risk-based remediation framework that resets expectations for every organisation operating in India. The timelines are worth reading twice: Now consider one question: if a known exploited vulnerability appeared on your internet-facing application at 11pm tonight, what would your team do in the next 12 hours?

Oracle has disclosed CVE-2026-35273, a critical vulnerability in PeopleSoft Enterprise PeopleTools that has already been exploited by threat actors. The vulnerability allows unauthenticated attackers to remotely compromise vulnerable systems and potentially achieve remote code execution, putting exposed PeopleSoft environments at immediate risk. What makes this vulnerability especially concerning is that attackers exploited it as a zero-day before Oracle released a patch.

Small and medium businesses are increasingly exposed to email-based attacks that rely on compromised accounts and trusted communication patterns. In a typical business email compromise scenario, attackers gain access to an executive’s email account and monitor communication over time. This allows them to understand how financial requests are handled and when key individuals are unavailable. At the right moment, they send emails that appear legitimate.

Organizations continue investing heavily in cybersecurity tools, yet many security operations centers (SOCs) still struggle with alert fatigue, investigative delays, and inconsistent response outcomes. The issue is not necessarily a lack of technology. In many environments, it is the opposite. As security stacks expand, operational complexity often expands with them.

Elastic has been named a Strong Performer in The Forrester Wave: Extended Detection And Response Platforms, Q2 2026 report. The report recognized our SIEM-replacement capabilities, open data architecture, AI innovation, and endpoint protection. Here's what Forrester found and why we believe it reflects what we've been building.

When the weather starts to get warmer, it is a sign that summer time is around the corner. But just as the weather heats up and travel plans get booked, scammers capitalize on the season by performing nefarious schemes to separate victims from their money and other valuables. Recent McAfee research found that more than one in three Americans have experienced a travel-related cyberthreat, with 41% of those affected losing money, often costing victims over $500.

Phishing attacks are evolving faster than traditional training programs can keep up. Advances in AI — including generative tools — are making attacks more dynamic, personalized, and harder to detect. At the same time, agentic AI for phishing security training is reshaping how programs improve, enabling them to adapt to user behavior and shifting risk in real time.

If everyone owns cybersecurity, no one really owns it.