The Hacker News

n8n Supply Chain Attack Abuses Community Nodes to Steal OAuth Tokens

Malicious npm packages posing as n8n community nodes were used to steal OAuth tokens by abusing trusted workflow integrations ...
GitHub

Yanoky1/obsidian-kinopoisk-yanoky-plugin

Use Kinopoisk.dev API to get the information. Set the folder location where the new file is created. Otherwise, a new file is created in the Obsidian Root folder.
InfoWorld

Open WebUI bug turns the ‘free model’ into an enterprise backdoor

The bug allows attacker-controlled model servers to inject code, steal session tokens, and, in some cases, escalate to remote ...