RadioCSIRT English Edition – Your Cybersecurity News for Tuesday, January 6, 2026 (Ep. 65) episode artwork

EPISODE · Jan 6, 2026 · 10 MIN

RadioCSIRT English Edition – Your Cybersecurity News for Tuesday, January 6, 2026 (Ep. 65)

from RadioCSIRT - English Edition · host Marc Frédéric GOMEZ

We open this episode with a critical vulnerability in n8n reported by Security Online. CVE-2025-68668, with a CVSS score of 9.9, allows an authenticated user to escape the Python sandbox of the automation platform to execute arbitrary system commands, turning the Code Node into a vector for complete host system compromise.CVEfeed.io reports an uncontrolled DLL loading flaw in AsusSoftwareManagerAgent. CVE-2025-12793, rated 8.5 in CVSS 4.0, exploits an untrusted search path allowing a local attacker to execute arbitrary code through DLL Namespace manipulation.Clubic covers the disappearance of Anna's Archive's primary domain. The registry placed annas-archive.org under serverHold status two weeks after uploading 300 terabytes of Spotify data, suggesting legal action by the Public Interest Registry following OCLC's lawsuit for extracting 2.2 terabytes of WorldCat data.Phoronix reports a critical situation for the Debian project: the three delegated members of the Data Protection Team resigned simultaneously, leaving the project without an active team to manage GDPR obligations. Project leader Andreas Tille now handles this role ad-hoc while awaiting new volunteers.Finally, CERT-FR issued advisory CERTFR-2026-AVI-0004 concerning CVE-2025-13699 affecting multiple MariaDB branches. The vendor has not specified the exact nature of the security issue but recommends updating to versions 10.11.15, 10.6.24, 11.4.9, or 11.8.4.Sources: Security Online – n8n CVE-2025-68668: https://securityonline.info/n8n-sandbox-escape-how-cve-2025-68668-turns-workflows-into-weapons/CVEfeed.io – CVE-2025-12793 ASUS: https://cvefeed.io/vuln/detail/CVE-2025-12793Clubic – Anna's Archive domain: https://www.clubic.com/actualite-593797-le-site-qui-avait-pirate-spotify-perd-son-nom-de-domaine.htmlPhoronix – Debian Data Protection Team: https://www.phoronix.com/news/No-Debian-Data-Protection-TeamCERT-FR – MariaDB Vulnerability: https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0004/Don’t think, patch!Your feedback is welcome.Email: [email protected]: https://www.radiocsirt.comWeekly Newsletter: https://radiocsirtenglishedition.substack.com/

NOW PLAYING

RadioCSIRT English Edition – Your Cybersecurity News for Tuesday, January 6, 2026 (Ep. 65)

0:00 10:27

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of RadioCSIRT - English Edition?

This episode is 10 minutes long.

When was this RadioCSIRT - English Edition episode published?

This episode was published on January 6, 2026.

What is this episode about?

We open this episode with a critical vulnerability in n8n reported by Security Online. CVE-2025-68668, with a CVSS score of 9.9, allows an authenticated user to escape the Python sandbox of the automation platform to execute arbitrary system...

Can I download this RadioCSIRT - English Edition episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!