Newsn8n CVSS 10.0 RCE CVE-2026-21858 100K Servers AffectedCyera Research Labs·high signalContent-Type confusion in n8n Form Webhook enables unauthenticated RCE. Leaks admin credentials via LLM chatbot nodes. 100K servers globally. Patched v1.121.0+.SourceSource pageCyera Research Labs↳ Follow the threadPolicy dependency / Stack layerHalluSquatting weaponizes LLM hallucinations to push botnet malware into agentsThe Hacker NewsStack layer / Threat patternOpen-Source Multi-Agent Firewall Intercepts Both HTTP(S) and WebSocket LLM TrafficarXivStack layer / Threat patternSnyk's Evo Agentic Development Security Hit GA June 29 — an Enforcement Layer That Polices MCP Servers and Coding Agents at RuntimeSiliconANGLEStack layer / Threat patternCROSS-CATEGORY: Three Vendors in Three Unrelated Categories Shipped 'Agents That Supervise Other Agents' Inside Two WeeksVantaStack layer / Threat patternBind every MCP token to the exact tool subset it may invoke, and check scope before the handler body runsDigital AppliedStack layer / Threat patternUnit 42: AI-agent npm packages become a prime supply-chain target in H1 2026Unit 42 (Palo Alto Networks)Stack layer / Threat patternMesh LLM: Distributed P2P Inference on iroh Splits Large Models Across Consumer GPUsiroh (via Hacker News)Stack layer / Threat patternOpenAI launches ChatGPT Work, an agentic workspace on GPT-5.6, with Sol/Luna/Terra model tiersInfoWorld