Trend Micro patches critical flaws in its Apex Central software
CSO Online 10.01.2026 00:46
Security company Trend Micro has been compelled to issue a patch for its own Apex Central software management tool after vulnerability management platform Tenable identified several security flaws.
The bugs affect all versions of Apex Central (on-premises) earlier than build 7190.
Kritische Lücke in Automatisierungstool: n8n erlaubt Codeschmuggel
Heise Security 09.01.2026 13:52
Im beliebten Werkzeug zur Erstellung von No-Code-Arbeitsabläufen klaffen gleich vier kritische Lücken, eine mit Höchstwertung. Admins sollten schnell patchen.
Ni8mare: Kritische n8n-Lücke bedroht 100.000 Server
CSO Online 09.01.2026 12:44
n8n-Anwender sollten ihre Systeme dringend patchen.
Forscher des Security-Anbieters Cyera haben eine schwerwiegende Schwachstelle in der Workflow-Automatisierungsplattform n8n entdeckt. Sie ermöglicht es Angreifern, beliebigen Code auszuführen. Auf diese Weise könnten sie die vollständige Kontrolle über die betroffene Umgebung übernehmen, so die Experten.
CISA flags max-severity bug in HPE OneView amid active exploitation
CSO Online 09.01.2026 11:48
A max-severity remote code execution (RCE) flaw in HPE’s OneView management platform has been flagged by the Cybersecurity & Infrastructure Security Agency (CISA) for active exploitation. The flaw, tracked as CVE-2025-37164, has been added to CISA’s Known Exploited Vulnerability (KEV) Catalog, days after the company disclosed it with a fix.
“The CVE-2025-37164 OneView vulnerability is severe because it allows unauthenticated remote code execution through a publicly reachable REST API endpoint,” said Chrissa Constantine, Senior Cybersecurity Solution Architect at Black Duck. “Given how central OneView is for managing servers, storage, and networking, this vulnerability doesn’t just compromise an application – it puts the entire environment at risk. This is why proactive API security assessments are non-negotiable for any system exposing management or automation interfaces.”
Mediaplayer VLC: Aktualisierte Version stopft zahlreiche Lücken
Heise Security 09.01.2026 11:05
Die Version 3.0.23 des VLC Media Player bessert diverse Schwachstellen aus, die möglicherweise Unterschieben von Schadcode erlauben.
Trend Micro Apex Central RCE Flaw Scores 9.8 CVSS in On-Prem Windows Versions
The Hacker News 09.01.2026 10:01
Trend Micro has released security updates to address multiple security vulnerabilities impacting on-premise versions of Apex Central for Windows, including a critical bug that could result in arbitrary code execution.
The vulnerability, tracked as CVE-2025-69258, carries a CVSS score of 9.8 out of a maximum of 10.0. The vulnerability has been described as a case of remote code execution
BSI: CERT-Bund bemängelt viele verwundbare Zimbra-Server
Heise Security 09.01.2026 07:57
Das CERT-Bund des BSI warnt davor, dass in Deutschland hunderte verwundbare Zimbra-Server im Netz stehen.