The Cybersecurity Defenders Podcast #281 - Intel Chat: Ni8mare CVSS 10.0, malicious AI extensions, Venezuela blackout & guilty BlackCat insiders
Jan 14, 2026
A newly discovered CVSS 10.0 vulnerability in the n8n automation platform poses significant risks, allowing attackers to exploit unauthenticated access. Malicious Chrome extensions are stealing sensitive AI chat histories, raising alarm over browser security. The recent U.S. operation in Venezuela highlights ambiguous cyber tactics, while discussions on the cyber vulnerabilities of the nation's infrastructure fueling concerns. Additionally, two cybersecurity professionals admitted guilt in a major ransomware case, showcasing the growing threat of insider risks in the industry.
AI Snips
Chapters
Transcript
Episode notes
Single-Instance Compromise Scales Rapidly
- A CVSS 10.0 N8N flaw lets unauthenticated attackers read arbitrary files and escalate to full RCE.
- That single compromised instance can expose API keys, tokens, and cloud credentials across many systems.
Patch N8N And Reduce Runtime Privileges
- Patch exposed N8N instances immediately and verify no public webhooks accept multipart overrides.
- Review instance permissions to ensure N8N doesn't run with root or excessive privileges.
User-Side AI Data Is A New Goldmine
- Malicious Chrome extensions harvested full AI chat histories and open-tab URLs from nearly a million installs.
- Attackers now prefer stealing user-side AI conversations rather than attacking LLM infrastructure directly.