
Programmer’s Digest #171

02/04/2026 - 02/11/2026: Critical SQLi Flaw, Microsoft Patches 59 Vulnerabilities, Critical n8n Flaws Disclosed Along With Public Exploits, And More.

1. Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution

Fortinet has released security updates to fix a critical vulnerability in FortiClientEMS (CVE-2026-21643), with a CVSS score of 9.1, that could allow unauthenticated attackers to execute arbitrary code. The flaw is a pre-authentication SQL injection issue that can be exploited through specially crafted HTTP requests. The vulnerability affects FortiClientEMS 7.4.4, and users are advised to upgrade to version 7.4.5 or later. Versions 7.2 and 8.0 are not affected. Although there are no reports of active exploitation, Fortinet recommends applying the patch as soon as possible. The flaw was discovered and reported by a member of Fortinet’s Product Security team. Separately, Fortinet recently addressed another critical vulnerability (CVE-2026-24858) affecting several products, including FortiOS and FortiManager. That issue, with a CVSS score of 9.4, has been actively exploited by attackers to create persistent admin accounts, modify configurations to enable VPN access, and exfiltrate firewall configuration data.
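The digest does not describe the FortiClientEMS bug itself, so the following is an added illustration of the vulnerability class, not Fortinet's code and not the actual CVE-2026-21643 defect. The table, rows and payload are constructed. It puts a string-built query beside its parameterized form and runs the same request value through both: the only thing that changes is whether that value reaches the database as SQL text or as bound data.

```python
"""Illustrative SQL injection, added as an example; not Fortinet code and not
the CVE-2026-21643 defect. Table, rows and payload are constructed."""
import sqlite3

# Value an attacker places in an HTTP request parameter (constructed).
# In the string-built query it closes the quoted literal, appends a UNION that
# reads a different column, and the trailing "--" comments out the leftover quote.
PAYLOAD = "x' UNION SELECT api_key, role FROM users--"


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for a management server's user store (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT, api_key TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "superadmin", "k-0001"), ("auditor", "readonly", "k-0002")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list[tuple]:
    """Vulnerable: the request value is spliced into the SQL string, so a quote
    inside it changes the structure of the statement."""
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn: sqlite3.Connection, name: str) -> list[tuple]:
    """Hardened: the statement shape is fixed; the driver binds the value, which
    can only ever be compared against the name column."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def demo() -> dict:
    """Run both variants against the same payload and return what each leaks."""
    conn = make_db()
    return {
        "vulnerable": sorted(lookup_vulnerable(conn, PAYLOAD)),  # API keys of every user
        "hardened": lookup_hardened(conn, PAYLOAD),              # no such user: []
    }


if __name__ == "__main__":
    print(demo())
```

The point to take from the two functions is that escaping or filtering quotes in `lookup_vulnerable` would only narrow the payload space; `lookup_hardened` removes the problem because the parameter can never be parsed as SQL.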

2. Microsoft Patches 59 Vulnerabilities Including Six Actively Exploited Zero-Days

Microsoft released security updates addressing 59 vulnerabilities, including six actively exploited flaws. Five issues are rated Critical, 52 Important, and two Moderate. The vulnerabilities include privilege escalation, remote code execution, spoofing, information disclosure, security feature bypass, denial-of-service, and cross-site scripting. The six exploited flaws affect components such as Windows Shell, MSHTML, Microsoft Word, Desktop Window Manager, Remote Access Connection Manager, and Remote Desktop. Some allow attackers to bypass security prompts or elevate privileges after gaining access to a system, potentially enabling malware deployment or credential theft. Researchers from Microsoft, Google Threat Intelligence Group, and others reported several of the issues, though details of exploitation remain limited. CISA has added all six vulnerabilities to its Known Exploited Vulnerabilities catalog, requiring U.S. federal agencies to patch them by March 3, 2026. Microsoft also issued Edge browser fixes, updated Secure Boot certificates, and introduced new security features aimed at strengthening default protections and improving user transparency and consent.

3. Threat Actors Publish Malicious dYdX Packages to npm and PyPI Repositories

Cybersecurity firm Socket has uncovered a supply-chain attack in which threat actors published malicious versions of dYdX client libraries to both npm and PyPI, targeting developers building cryptocurrency trading tools. The incident, detected on January 27, 2026, likely involved a compromised maintainer account. Affected packages included several versions of @dydxprotocol/v4-client-js and the PyPI package dydx-v4-client.

The malware was hidden in core files and executed during normal use. In npm packages, tampered functions stole seed phrases and device fingerprints, sending them to a typosquatted domain. The PyPI version was more severe, installing a remote access trojan that periodically contacted a command-and-control server and could run arbitrary code, enabling theft of credentials, source code, and other sensitive data.

dYdX warned users to isolate systems and rotate credentials. Developers are advised to audit dependencies, upgrade to safe versions, block known indicators, and monitor environments, as compromised packages could lead to wallet theft or full system compromise.
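The "audit dependencies" step above is the one a developer can automate immediately. The script below is an added example, not code from Socket or dYdX: it scans an npm lockfile (lockfileVersion 2 or 3) and a `pip freeze` listing for denylisted versions of the two package names this item mentions. The version numbers in `BAD_VERSIONS`, the sample lockfile and the sample freeze output are all constructed placeholders, since the digest does not list the affected versions; replace them with the versions named in the vendor advisory. The nested `node_modules` entry in the sample shows why walking the lockfile beats grepping `package.json`: a transitive dependency can pull in its own copy of a package.

```python
"""Dependency audit against a denylist of malicious package versions.
Added example; not Socket or dYdX code. All versions and sample inputs are
CONSTRUCTED placeholders, not the real affected releases."""
import json
import re

# (ecosystem, normalized package name) -> versions known to be malicious.
BAD_VERSIONS = {
    ("npm", "@dydxprotocol/v4-client-js"): {"1.2.3", "1.2.4"},  # constructed
    ("pypi", "dydx-v4-client"): {"0.9.9"},                      # constructed
}

# Constructed stand-ins for a project's package-lock.json and `pip freeze`.
SAMPLE_LOCK = {
    "name": "trading-bot",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "trading-bot", "version": "0.1.0"},
        "node_modules/@dydxprotocol/v4-client-js": {"version": "1.2.3"},
        "node_modules/left-pad": {"version": "1.3.0"},
        # Nested copy pulled in by a transitive dependency, at another version.
        "node_modules/some-lib/node_modules/@dydxprotocol/v4-client-js": {
            "version": "1.1.0"
        },
    },
}
SAMPLE_FREEZE = """\
requests==2.32.3
Dydx_v4_client==0.9.9
-e git+https://example.invalid/tool.git#egg=tool
"""


def scan_npm_lock(lock: dict) -> list[tuple[str, str]]:
    """Walk the 'packages' map; keys are install paths such as
    'node_modules/@scope/name' or nested 'node_modules/a/node_modules/b'."""
    hits = []
    for path, meta in lock.get("packages", {}).items():
        if not path:  # "" is the root project itself
            continue
        name = path.split("node_modules/")[-1]  # last segment is the package name
        version = meta.get("version")
        if version in BAD_VERSIONS.get(("npm", name), ()):
            hits.append((name, version))
    return hits


def scan_pip_freeze(text: str) -> list[tuple[str, str]]:
    """Parse 'name==version' lines; names are normalized the way PEP 503 does
    (case-folded, runs of '-', '_' and '.' collapsed to '-') before lookup."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "-")) or "==" not in line:
            continue
        name, version = line.split("==", 1)
        norm = re.sub(r"[-_.]+", "-", name).lower()
        version = version.strip()
        if version in BAD_VERSIONS.get(("pypi", norm), ()):
            hits.append((norm, version))
    return hits


def audit(lock: dict, freeze: str) -> list[tuple[str, str, str]]:
    """Combined report: (ecosystem, package, version) for every hit."""
    return [("npm", n, v) for n, v in scan_npm_lock(lock)] + [
        ("pypi", n, v) for n, v in scan_pip_freeze(freeze)
    ]


if __name__ == "__main__":
    import sys
    if len(sys.argv) == 3:  # python audit.py package-lock.json freeze.txt
        with open(sys.argv[1]) as f, open(sys.argv[2]) as g:
            lock, freeze = json.load(f), g.read()
    else:
        lock, freeze = SAMPLE_LOCK, SAMPLE_FREEZE
    for hit in audit(lock, freeze):
        print("MALICIOUS VERSION INSTALLED:", *hit)
```

A hit on either side means the malware already ran on that machine (the npm payload executed during normal use, the PyPI one installed a trojan), so the follow-up is the isolation and credential rotation dYdX describes, not just a version bump.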

4. Open Source Security Gets AI Boost As Claude Detects 500+ Critical Issues

Anthropic says its latest model, Claude Opus 4.6, has demonstrated the ability to autonomously audit open-source software, discovering more than 500 previously unknown high-severity vulnerabilities in widely used libraries such as Ghostscript, OpenSC, and CGIF. All reported flaws were confirmed as real and have since been patched by maintainers.

In testing, the model operated in a virtualised environment with access to tools like debuggers and fuzzers but no detailed instructions. Researchers found it used reasoning similar to human security analysts, identifying patterns in code and past fixes to uncover subtle weaknesses that traditional fuzzing sometimes missed. Examples included memory-handling errors and overflows that could cause crashes or allow exploitation.

Anthropic is deploying the system to help maintainers find and fix vulnerabilities, highlighting AI’s growing role as a defensive security tool that can complement manual review. However, the company also warned that similar capabilities could be misused and said it is adding safeguards to reduce risks.

5. Critical n8n Flaws Disclosed Along With Public Exploits

Multiple critical vulnerabilities in the open-source workflow automation platform n8n, including the one tracked as CVE-2026-25049, allowed authenticated users with permission to create or edit workflows to escape the sandbox and execute arbitrary code on the host server. Researchers found the flaws stemmed from weak sanitization and incomplete sandboxing of user-written JavaScript, enabling attackers to run system commands, access files, and steal credentials, API keys, and configuration data. In multi-tenant environments, the issue could also allow lateral movement to other tenants or to connected cloud services.

Several security firms independently identified bypasses, showing that earlier patches were incomplete. The vulnerabilities were fixed in n8n versions 2.5.2 and 1.123.17, and users are urged to update, rotate encryption keys, and review workflows.

Although no active exploitation has been confirmed, researchers have observed large-scale scanning of exposed n8n systems, suggesting growing attacker interest and highlighting the importance of prompt patching and access controls.
