Cloud Integrations Lead, n8n and jsPDF Flaws Drive Urgent Patching

An announcement on Google Cloud showcases a managed Model Context Protocol server for BigQuery that aims to standardize and simplify how AI agents work with analytics data. At the same time, a report from CSOonline details a maximum‑severity flaw in n8n enabling unauthenticated takeover of self‑hosted instances, underscoring the urgency of rapid patching and credential rotation alongside platform upgrades.

Cloud platforms tighten AI and network integration

The managed BigQuery MCP server is designed to remove connector maintenance and expose a consistent HTTP endpoint for MCP clients. The post describes setup via OAuth and a Gemini API key, a sample dataset, and agent workflows, and stresses adherence to AI safety and stability guidelines. The standardized protocol compatibility with leading agent frameworks reduces friction for building data‑aware assistants and can lower operational risk by consolidating integration patterns.

An integration with Google Cloud Network Security from Check Point promises centralized policy enforcement and threat prevention without traffic detours, targeting regulated, latency‑sensitive environments. The nondisruptive model aims to preserve application performance while extending inspection and visibility across hybrid estates.

A AWS update expands EC2 I7ie storage‑optimized instances to more regions, offering higher on‑instance NVMe density, Nitro SSD improvements, and increased network/EBS throughput for data‑intensive workloads. Separately, MWAA now supports Apache Airflow 2.11 and Python 3.12, easing the path toward Airflow 3 while requiring dependency and telemetry validation. Together, these changes broaden options for low‑latency data processing and controlled orchestration upgrades.

On the tooling front, BleepingComputer reports OpenAI is testing a GPT‑5.2 Codex “Max” variant with longer‑running, more reliable agentic behavior and improved vision/tool use. Early access appears limited; formal notes would clarify scope, availability, and positioning for complex developer workflows.

Critical vulnerabilities and patching priorities

Researchers disclosed a critical unauthenticated RCE in n8n, enabling arbitrary file reads and path traversal via crafted non‑multipart requests that poison file‑handling logic; exposed config and database files can allow session forgery and full compromise. The vendor fixed the issue in mid‑November (1.121.0). Recommended actions include immediate upgrades, isolating public form endpoints, rotating secrets, auditing workflows for unexpected file references, and monitoring for unauthorized sessions or workflow changes.

The popular PDF library is affected by a local file inclusion and path traversal issue: BleepingComputer notes jsPDF’s Node.js builds could pull arbitrary files into generated PDFs through unsanitized paths. Version 4.0.0 restricts filesystem access and aligns with Node permission mode; maintainers advise upgrading, validating any user‑provided paths, and avoiding broad filesystem permissions. Why it matters: widespread adoption raises the odds that untrusted inputs will reach vulnerable APIs.

Legacy DSL gateways face active exploitation: The Hacker News highlights CVE‑2026‑0625, a command‑injection flaw in D‑Link models via a DNS configuration endpoint, enabling unauthenticated code execution and DNS manipulation. Some products are end‑of‑life; guidance is to retire unpatchable units, isolate legacy gear, and monitor DNS changes to detect hijacking.

CISA added two entries to the Known Exploited Vulnerabilities Catalog—CVE‑2009‑0556 in Microsoft Office PowerPoint and CVE‑2025‑37164 in HPE OneView—triggering remediation requirements for federal agencies and a strong recommendation for all organizations to prioritize fixes or compensating controls and verify remediation through scanning and testing.

Separately, the vendor disclosed another maximum‑severity issue in n8n: The Hacker News details CVE‑2026‑21877, an authenticated RCE affecting versions ≥0.123.0 and <1.121.3, remediated in 1.121.3. The advisory recommends disabling the Git node and restricting access where patching lags, and treating exposed automation environments as high‑risk until updated.

Cato Networks researchers documented a supply‑chain style risk in an AI UI: CSOonline reports CVE‑2025‑64496 in Open WebUI’s Direct Connections feature, where untrusted Server‑Sent Events could execute JavaScript in the browser, steal long‑lived tokens, and, in some cases, reach backend code execution via workspace tools. Version 0.6.35 blocks the dangerous event type; mitigations include patching, HttpOnly tokens, CSP hardening, and least‑privilege tooling.

Campaigns and intrusion activity

Taiwan’s National Security Bureau observed a marked escalation in hostile activity during 2025: Infosecurity reports 960+ million intrusion attempts, with the energy sector seeing a tenfold spike. Attribution points to several China‑linked groups employing vulnerability exploitation, DDoS, social engineering, and supply‑chain routes, often synchronized with political and military events. The findings underscore the operational risk for critical infrastructure, particularly energy and healthcare.

On the criminal front, BleepingComputer describes renewed GoBruteforcer botnet activity against internet‑facing FTP, MySQL, and phpMyAdmin services used by crypto and blockchain projects. The malware spawns high‑concurrency brute‑forcers with hardcoded credentials and has been used for wallet‑scanning attempts. Mitigations include eliminating default usernames, enforcing strong unique passwords, restricting exposure of management interfaces, and replacing legacy stacks such as default XAMPP deployments.

Defensive hygiene remains decisive. Infosecurity relays Microsoft’s warning about phishing campaigns exploiting mail routing gaps where MX records and permissive SPF/DMARC allow spoofed internal‑looking messages to bypass checks. Recommended steps include DMARC reject, SPF hard‑fail, correct relay configuration, phishing‑resistant MFA, and Conditional Access. In parallel, BleepingComputer reports ownCloud is urging immediate MFA after credential‑theft driven logins via infostealers; guidance emphasizes password resets, session invalidation, and closer log review to detect abuse.