In this week’s Security Advisory

  • New Veeam Vulnerabilities Expose Backup Servers to RCE Attacks
  • n8n Releases Patches for More Critical Vulnerabilities
  • Critical AdonisJS NPM Package Vulnerability Patched
  • Hackers Exploit Zero-Day in Discontinued D-Link Devices

New Veeam Vulnerabilities Expose Backup Servers to RCE Attacks

Veeam has released patches for several vulnerabilities in its Backup & Replication software, including a critical remote code execution vulnerability. Tracked as CVE-2025-59470 (CVSS 9.0/10), this vulnerability allows a user with “Backup” or “Tape Operator” permissions to perform remote code execution as the postgres user by sending a malicious interval or order parameter. Veeam also patched three other high-severity vulnerabilities that require similar privileges: CVE-2025-55125 (CVSS 7.2/10), CVE-2025-59469 (CVSS 7.2/10), and CVE-2025-59468 (CVSS 6.8/10).

Affected Versions

  • Veeam Backup & Replication 13.0.1.180 and all earlier version 13 builds.

Recommendations

  • Update to the latest version 13.0.1.1071.

More Reading / Information

n8n Releases Patches for More Critical Vulnerabilities

n8n has patched another maximum-severity vulnerability, CVE-2026-21858 (CVSS 10/10). This vulnerability allows an unauthenticated remote attacker to gain complete control over vulnerable instances. This could result in exposure of sensitive information stored on the system and may enable further compromise. It is recommended to avoid exposing n8n to the internet. As a temporary workaround, it is advised to restrict or disable publicly accessible webhook and form endpoints.

Affected Versions

  • All versions of n8n before and including 1.65.0.

Recommendations

  • Upgrade to version 1.121.3 or higher.

More Reading / Information

Critical AdonisJS NPM Package Vulnerability Patched

CVE-2026-21440 (CVSS 9.2/10) is a path traversal vulnerability in the multipart file handling mechanism of “@adonisjs/bodyparser”, an npm package associated with AdonisJS. If successfully exploited, it could allow a remote attacker to write arbitrary files on the server. Exploitation of this vulnerability is only possible if an attacker can reach an upload endpoint.

Affected Versions

  • @adonisjs/bodyparser up to and including 10.1.1, and 11.0.0-next.5.

Recommendations

  • Upgrade to version 10.1.2 or 11.0.0-next.6.

More Reading / Information

https://thehackernews.com/2026/01/critical-adonisjs-bodyparser-flaw-cvss.html
https://github.com/adonisjs/core/security/advisories/GHSA-gvq6-hvvp-h34h

Hackers Exploit Zero-Day in Discontinued D-Link Devices

An OS command injection vulnerability in discontinued D-Link gateway devices has been exploited in the wild as a zero-day. Tracked as CVE-2026-0625 (CVSS 9.3/10), the security defect exists because the dnscfg.cgi library does not properly sanitize user-supplied DNS configuration parameters. The vulnerability allows a remote, unauthenticated attacker to inject and execute arbitrary shell commands. As these devices are discontinued, D-Link will not be patching this vulnerability, and it is recommended to replace affected devices.

Affected Versions

  • While D-Link states that legacy devices are affected, the company will post a full list of affected devices later this week.

Recommendations

  • Please upgrade legacy D-Link devices to a supported version.

More Reading / Information

Recommendations

Please review your environment to ensure the above-mentioned issues are patched in a timely manner. It is security best practice to regularly update and/or patch software to the latest versions. The vulnerabilities above highlight the security benefits of limiting deployed software to “vendor-supported versions” only, which dramatically increases the likelihood that a patch will be issued for new vulnerabilities. Likewise, CyberMaxx strongly encourages maintaining an inventory of the software currently deployed in your environment, which helps ensure and inform your patch and vulnerability management program.