Загрузка видео...

Не удалось загрузить видео

На главную

CVE-2025-68613: n8n RCE Vulnerability Exploit/PoC: n8n has a critical security flaw that lets authenticated users execute arbitrary code through its workflow expression system. When users configure workflows, the expressions they provide can sometimes be evaluated without proper isolation from the underlying runtime environment.

76,778 просмотров • 6 месяцев назад •via X (Twitter)

Комментарии: 0

Нет доступных комментариев

Здесь появятся комментарии из оригинального поста

Похожие видео

someone built an AI RED TEAM that maps your entire attack surface as a knowledge graph, finds every vulnerability, then EXPLOITS them to root access AUTONOMOUSLY its called RedAmon, 9,000 templates. 17 node types, actual Metasploit shells, not reports, no pentesters needed 6 phases of autonomous recon: subdomain discovery, port scanning, http probing, resource enumeration, vulnerability scanning, MITRE mapping every finding stored in a Neo4j graph with 17 node types and 20+ relationship types. the AI reasons about the graph, finds attack paths, and runs actual Metasploit exploits, actual shells stress-tested with zero vulnerability data, zero exploit modules, one instruction find a CVE and exploit it, it went from empty database to root-level RCE in 20 steps, researched the exploit on the web, crafted a custom deserialization payload, debugged itself when the first attempt failed next try, the server responded with root access, the highest privilege level on any Linux system. full control over everything the target was running node-serialize 0.0.4, a package with a critical deserialization flaw (CVE-2017-5941, CVSS 9.8), the server takes your cookie, decodes it, and passes it straight into unserialize() which executes any code inside it, the AI figured this out on its own with no hints built on LangGraph + MCP tool servers for naabu, nuclei, curl, metasploit. hunts leaked secrets across GitHub repos, 40+ regex patterns for AWS keys, Stripe tokens, database creds

chiefofautism

69,930 просмотров • 4 месяцев назад

Today, multiple users discovered a shocking fact: After explicitly selecting GPT-4o in the ChatGPT interface, the system actually returns responses from GPT-5. By clicking the "regenerate" button, users can clearly see which model is actually being called in the backend. This is blatant fraud. OpenAI is having one model impersonate another without users' knowledge. This is no longer a technical bug, but a complete collapse of business integrity. We pay for specific models—many subscribed to Plus specifically for 4o. When users discover they're being forced to use 5, this constitutes classic consumer fraud. Users' core rights are being systematically violated: 1. Right to Know - Users have the right to know which model they're conversing with, as this directly affects prompting strategies and output expectations 2. Right to Choose - Users choose 4o for its unique capabilities (creative writing, emotional understanding, etc.). Forced substitution directly disrupts users' workflows 3. Data Transparency - If what's labeled as 4o is actually 5, whose training is our conversation data actually feeding? This touches the bottom line of data ethics. This "bait and switch" behavior destroys the most basic trust between users and platform. If users can't even be certain "which AI am I talking to," what right does OpenAI have to talk about "benefiting all humanity"? #keep4o #4oforever #keepStandardVoice Sam Altman Nick Turley Adam.GPT

M

182,458 просмотров • 9 месяцев назад

OpenClaw has 186K GitHub stars and 1.5M compromised API keys. I needed a secure alternative. So, I built it with n8n and Claude Opus 4.6. It can already: - Reply to your Telegram messages - Access selected folders from your laptop - Access Gmail, Drive, Notion, Linear, etc. - Install new local tools in a sandbox - Run autonomously for hours - Create multiple subagents - Learn from experience - Wake up regularly But, unlike OpenClaw, it: - Can't access your API keys - Can't modify its environment - Can't access folders you haven't shared - Can't access tools you haven't approved - Must get your confirmation, e.g., when sending emails These aren’t prompt instructions. They’re hard architectural boundaries — Docker isolation, mounted folder permissions, n8n’s tool approval system. Key components: ✅ The VPS on Hostinger hosts n8n and a sandbox container. Agents can also connect to my laptop's sandbox via a Claudeflare tunnel + Desktop Commander MCP. ✅ The Manager agent is the brain. It plans, decides, delegates, and talks to the user. It never touches files. It never runs scripts. It works entirely from executor summaries. ✅ The Executor agents are the hands. Each receives a task (what to do + why it matters), decides how to execute it, and reports back. They can install new tools and execute code only in their dedicated sandboxes. ✅ Data Tables in n8n store both memories and sessions — no external database, no vector store, no infrastructure. Just rows in a table. Turns out, that's enough. Two memory types: - Manager memory: user preferences, facts, corrections, relationship, skills, context - Executor memory: what tools are installed, what’s broken, workarounds ✅ Sessions are short-term state for multi-step tasks. Original request, plan, assumptions, and what happened so far. When the Manager loops with fresh context, the session is all it gets. That's a Ralph Wiggum loop. I've been using it for 5 days. And already can't imagine not having it on my phone. What's next: - Heartbeat via Cron (a scheduled prompt) - Civic Nexus governance + MCPs - Supermemory integration - WhatsApp as an additional surface - Hardening The architecture supports all of it. OpenClaw proved people want personal AI agents. It also proved that 'just trust the prompt' isn't a security model. Docker isolation, mounted folder permissions, tool approval — none of this is new technology. It's just discipline. You can easily do this even with n8n — no coding required. --- Want to try it or read more? More, what I learned, and a setup guide: productcompass[.]pm

Paweł Huryn

53,999 просмотров • 5 месяцев назад

I built an app in Softr for the HVAC industry to solve some crucial problems. The problem is that those in the HVAC industry and similar industries like construction, plumbing, and electrical do not have one source of truth where: 1. Their clients can request for thier services. 2. Clients can be onboarded after they make a payment. 3. They store the information and bio data of their technicians. 4. They assign tasks to their technicians. 5. Technicians can track onsite jobs with pictures in real time of when working. 6. Clients see the progress of their projects. 7. Invoices and quotations from paid clients can be tracked. 8. Technicians borrow assets from the company, and they can be tracked. 9. There is a database where every individual, from technicians to admin and clients, are all stored. 10. Login details from every individual are secured and they can only see things that are their business without seeing that of another person, be ita technician or a client. These and many more are what people in these industries face as a challenge. I came up with a solution that addresses all these problems. I built a workflow that also auto-populated the users table in the database with technicians and clients when the records are filled in the technician and client tables, respectively. There is also a workflow that sends an email to the admin when a client makes a request from the portal. Taking advantage of the database, workflow, and portal gave a full-blown application for the HVAC industry. If you are in the construction, plumbing, electrical, or HVAC industry and you need a similar build, reach out, and I will be more than happy to replicate this for you or something similar in Softr.

Ada || Airtable, Zapier & Make.com

26,372 просмотров • 7 месяцев назад

Pi was built when there were already agent harnesses around. Here’s why Mario Zechner(Mario Zechner), found them suboptimal and built Pi, a minimalist self-modifying agent: #1 - Mario initially was a believer in Claude Code: "I was a believer in Claude code because they were the first that packaged agentic search up in a really compelling package. And at the time that fit my workflow really well. Everything around the LLM was kind of nice and tidy and easy to understand. I was super happy. I was proselytising Claude code." #2 - Reverse engineering Claude Code highlighted the degradation that Mario felt as a user: "I personally like simple tools that are stable and that I can rely on. Even if they have non-deterministic parts, all the deterministic parts should be as stable as possible. That was just not the experience with Claude Code around summer 2025. They would take away your control of the context. They would inject stuff behind your back, which is bad. Then, your workflows stopped working because there's now a system reminder that you don't even see in the UI that would modify the behaviour of the model. They would also do this to the system prompt. I built a little service where I can track the progression or evolution of the system, prompt and tool definitions and, with every release, it was messing with stuff. That just messed with my workflows and I don't appreciate that." #3 - PI was built with an appreciation for simple and reliable tools: "If I commit to a development tool, I want it to be a stable, reliable thing like a hammer. I don't want my hammer to break a different spot every day. That's terrible. We need somebody who goes the full velocity kind of way. But I don't want to work with a tool like that."

The Pragmatic Engineer

62,825 просмотров • 2 месяцев назад

"This is just a GPT wrapper." A common thing to hear in Silicon Valley. Even Perplexity (now valued at $20B) was seen as a GPT wrapper not long ago. But everyone gets this wrong. Every new technology or service uses existing tech and infrastructure as a pillar. Companies like Uber could not have existed without Google Maps. But could Uber be called a Maps wrapper? There is no need to reinvent the stove if you want to start a restaurant. The job of a founder is to solve users' problems so effectively that they cannot imagine going back to the old way. "Maximum value for the user" is the mantra. Users hardly care what underlying technology is used. What they do care about is whether the output (text, code, slide, or image) was accurate and if the solution provided was useful. You need to use the best tech to get the work done. Companies might use a cheap, fast model for formatting, a reasoning model for logic, and a search index for retrieval. They route traffic intelligently in milliseconds. The "wrapper" analogy also assumes you are dependent on one vendor. However, strong application layers can swap models out, just like batteries can be replaced. Generic apps don't work. The winners are the ones who dig into the painful, boring details of a specific workflow. If a company integrates deep into the user workflow, it becomes infrastructure. The product gets entrenched through distribution, integrations, design, feedback loops, and trust. And you can only get there by leveraging all existing technology as best as possible to fix the problem you've set out to solve for users. "If I have seen further, it is by standing on the shoulders of giants" - Newton

Grant Lee

63,505 просмотров • 7 месяцев назад

10 Shocking Stories the Media Buried This Week #10 – UK government BUSTED in a secret plot to extract personal data from 2 billion iPhone users. They were this close to your “encrypted” data. This story begins when the UK govt hit Apple with a secret gag order, forcing them to either backdoor encrypted data for billions of users or face criminal charges if they refused to comply. Apple couldn’t even talk about it. The order demanded Apple create a vulnerability in its iCloud encryption, which would have given the UK government a back door to financial information, health records, and private conversations—not just of UK citizens but of two billion iPhone users worldwide. Remember, the UK government has already tried to threaten and extradite individuals outside the UK for violating British censorship laws—including US citizens over their online posts. So what happens when governments push to punish you not just for what you say publicly but for what you say privately? Rather than handing over the data of 2 billion iPhone users to the UK government, Apple chose to pull its Advanced Data Protection (ADP) in the UK—removing the option for UK users to enable encryption. Existing UK users must now disable encryption, and new users won’t have the option at all. US citizens and people in other countries remain unaffected by the UK government’s dystopian push to surveil and censor speech—for now. The UK government was this close to surveilling you, too—but luckily, Sayer Ji, Elon Musk, and The Wall Street Journal exposed this privacy nightmare. In another disturbing development, Imran Ahmed of the CCDH—one of the leading architects of the UK’s war on speech—is being awarded for his Orwellian efforts with a $300,000 prize this May. Sayer Ji has put together a petition to oppose this absurd aggrandizement of someone who has worked tirelessly to annihilate personal freedoms and silence dissenting voices. You can sign that petition here: (See 9 More Revealing Stories Below)

The Vigilant Fox 🦊

1,158,969 просмотров • 1 год назад