The Trump administration has repealed the scientific determination that underpins the government’s legal authority to combat climate change.

© Jenny Kane/Associated Press

Apple has announced a new version of Xcode, the latest version of its integrated development environment (IDE) for building software for its own platforms, like the iPhone and Mac. The key feature of 26.3 is support for full-fledged agentic coding tools, like OpenAI's Codex or Claude Agent, with a side panel interface for assigning tasks to agents with prompts and tracking their progress and changes.

This is achieved via Model Context Protocol (MCP), an open protocol that lets AI agents work with external tools and structured resources. Xcode acts as an MCP endpoint that exposes a bunch of machine-invocable interfaces and gives AI tools like Codex or Claude Agent access to a wide range of IDE primitives like file graph, docs search, project settings, and so on. While AI chat and workflows were supported in Xcode before, this release gives them much deeper access to the features and capabilities of Xcode.

This approach is notable because it means that even though OpenAI and Anthropic's model integrations are privileged with a dedicated spot in Xcode's settings, it's possible to connect other tooling that supports MCP, which also allows doing some of this with models running locally.

Read full article

Comments

© Apple

The president’s embrace of fossil fuels and withdrawal from the global fight against climate change will make it hard to keep warming at safe levels, scientists said.

© Benjamin Rasmussen for The New York Times

The world’s oceans are becoming dangerously acidic. A controversial proposal would raise the pH — by mixing chemicals into the water.

© Alexander Coggin for The New York Times

A newly disclosed n8n vulnerability has been confirmed to allow authenticated users to execute arbitrary system commands on affected servers. The issue, tracked as CVE-2025-68668, has been assigned a CVSS score of 9.9, placing it firmly in the critical severity range. The flaw impacts the open-source workflow automation platform n8n and affects a broad range of deployed versions.  n8n is commonly used to design and run automated workflows that connect applications, services, and scripts. Due to its role in handling sensitive integrations and credentials, security vulnerabilities within the platform can have significant consequences.  

Sandbox Bypass in the Python Code Node 

The n8n vulnerability affects all versions from 1.0.0 up to, but not including, 2.0.0. According to the advisory, an authenticated user who has permission to create or modify workflows can exploit the issue to execute arbitrary operating system commands on the host running n8n. The vulnerability has been categorized as a protection mechanism failure.  The root cause lies in a sandbox bypass within the Python Code Node, which uses Pyodide to execute Python code. The advisory describes the issue clearly: “A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands on the host system running n8n, using the same privileges as the n8n process.”  While the attacker does not automatically gain higher privileges than the n8n service itself, the ability to run system commands at that level may still allow for data access, lateral movement, or further compromise depending on how the instance is deployed. The flaw was published under GHSA-62r4-hw23-cc8v, with security researcher csuermann credited for the report. The affected package is the n8n npm package, and the issue remained present until it was fully addressed in version 2.0.0. 

Patch Details and Security Improvements 

The CVE-2025-68668 issue has been resolved in n8n version 2.0.0, which is now listed as the patched release. However, security improvements related to this issue were introduced earlier. In n8n version 1.111.0, the project added a task runner–based native Python implementation as an optional feature. This implementation was designed to provide a stronger isolation model than the Pyodide-based sandbox used by the Python Code Node.  To enable this more secure execution environment in affected versions, administrators must configure the N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER environment variables. With the release of n8n 2.0.0, this task runner–based Python sandbox became the default behavior, effectively mitigating the sandbox bypass that made CVE-2025-68668 exploitable.  The introduction of this default setting marks an architectural change aimed at reducing the attack surface associated with executing Python code inside workflows. It also reflects a broader shift toward isolating potentially dangerous operations more rigorously within automation platforms. 

Mitigations, Workarounds, and Broader Context for CVE-2025-68668 

For organizations that cannot immediately upgrade, n8n has outlined several workarounds to limit exposure to the n8n vulnerability. One option is to completely disable the Code Node by setting the environment variable NODES_EXCLUDE to ["n8n-nodes-base.code"].   Another mitigation is to disable Python support in the Code Node entirely by setting N8N_PYTHON_ENABLED=false, a configuration option introduced in n8n version 1.104.0. Administrators can also proactively enable the task runner–based Python sandbox using N8N_RUNNERS_ENABLED and N8N_NATIVE_PYTHON_RUNNER.  The disclosure of CVE-2025-68668 follows another recently addressed critical flaw, CVE-2025-68613, which also carried a CVSS score of 9.9 and could lead to arbitrary code execution under certain conditions.  

Most of the reserves in the country are extra-heavy oil that’s tough to extract and generates more greenhouse gases.

© Adriana Loureiro Fernandez for The New York Times

Black Friday has evolved into one of the most attractive periods of the year, not just for retailers, but for cybercriminals too. As shoppers rush to grab limited-time deals, attackers exploit the surge in online activity through malware campaigns, phishing scams, payment fraud, and impersonation attacks. With threat actors using increasingly advanced methods, understanding the risks is essential for both shoppers and businesses preparing for peak traffic. This cybersecurity survival guide breaks down the most common Black Friday threats and offers practical steps to stay secure in 2025’s high-risk threat landscape.

Why Black Friday Is a Goldmine for Cybercriminals

Black Friday and Cyber Monday trigger massive spikes in online transactions, email promotions, digital ads, and account logins. This high-volume environment creates the perfect disguise for malicious activity. Attackers know users are expecting deal notifications, promo codes, and delivery updates, making them more likely to click without verifying legitimacy. Retailers also face increased pressure to scale infrastructure quickly, often introducing misconfigurations or security gaps that cybercriminals actively look for.

Common Black Friday Cyber Threats

1. Phishing & Fake Deal Emails: Cybercriminals frequently impersonate major retailers to push “exclusive” deals or false order alerts. These emails often contain malicious links aimed at stealing login credentials or credit card data.

2. Malware Hidden in Apps and Ads: Fake shopping apps and malicious ads spread rapidly during Black Friday.

3. Fake Retail Websites: Dozens of cloned websites appear each year, mimicking popular brands with nearly identical designs. These sites exist solely to steal payment information or personal data.

4. Payment Card Fraud & Credential Stuffing: With billions of login attempts occurring during Black Friday, attackers exploit weak or reused passwords to take over retail accounts, redeem loyalty points, or make fraudulent purchases.

5. Marketplace Scams: Fraudulent sellers on marketplaces offer unrealistic discounts, harvest information, and often never deliver the product. Some also use sophisticated social engineering tactics to manipulate buyers.

Cybersecurity Tips for Shoppers

• Verify Before You Click: Check URLs, sender domains, and website certificates. Avoid clicking on deal links from emails or messages.
• Enable Multi-Factor Authentication (MFA): MFA prevents unauthorized access even if an attacker steals your password.
• Avoid Public Wi-Fi: Unsecured networks can expose your transactions. Use mobile data or a VPN.
• Use Secure Payment Options: Virtual cards and digital wallets limit your exposure during a breach.
• Download Apps Only from Official Stores: Stay away from third-party downloads or promo apps not approved by Google or Apple.

Best Practices for Retailers

• Strengthen Threat Detection & Monitoring: Retailers must monitor unusual login behavior, bot traffic, and transaction spikes. Cyble’s Attack Surface and Threat Intelligence solutions help businesses identify fake domains, phishing lures, and malware campaigns targeting their brand.
• Secure Payment Infrastructure: Ensure payment systems are PCI-compliant, updated, and protected from card-skimming malware.
• Educate Customers: Proactively notify customers about known scams and impersonation risks, especially during high-traffic sales periods.

With malware, phishing, and fraud attempts rising sharply during the shopping season, awareness and proactive defense are essential. By staying vigilant and leveraging trusted cybersecurity tools, both shoppers and businesses can navigate Black Friday securely. See how Cyble protects retailers during high-risk shopping seasons. Book your free 20-minute demo now.