Posts

Showing posts from February, 2026

Preparing Organizations for the Shift to Post-Quantum Cryptography

The article explains why organizations must start migrating from traditional cryptographic algorithms to post-quantum cryptography. Advances in quantum computing threaten to break widely used algorithms such as RSA and ECC, putting long-term data confidentiality at risk. The text emphasizes the need for early planning, including inventorying cryptographic assets, identifying where vulnerable algorithms are used, and designing a phased migration strategy. It highlights crypto-agility as essential, allowing systems to adapt as standards evolve. Migration is presented as a gradual, multi-year effort rather than a one-time change. https://www.wileyconnect.com/migrating-from-traditional-algorithms-to-post-quantum-cryptography-what-your-organization-needs-to-know

MaliciousCorgi AI Extensions Steal Code from Over 1.5 Million Developers

A security research team has uncovered a malicious campaign dubbed “MaliciousCorgi” involving two Visual Studio Code extensions with a combined 1.5 million installs. The extensions pose as helpful AI coding assistants but secretly harvest and exfiltrate developers’ code and activity data without consent. Still live on the official VS Code Marketplace, they read and transmit entire files opened in the editor, and they also include hidden profiling and server-controlled harvesting mechanisms that can collect batches of files and metadata, exposing sensitive credentials, source code, and workspace information to remote servers in China. https://www.koi.ai/blog/maliciouscorgi-the-cute-looking-ai-extensions-leaking-code-from-1-5-million-developers

Critical Remote Code Execution Bug in n8n Workflow Automation Platform

A severe security flaw tracked as CVE-2026-25049 has been disclosed in the n8n open-source workflow automation platform. It allows authenticated users with permission to create or modify workflows to execute arbitrary system commands on the underlying host, potentially compromising the entire server along with the sensitive data and credentials stored there. The vulnerability arises from inadequate sanitization in the expression evaluation mechanism and impacts versions of n8n prior to 1.123.17 and 2.5.2, with a CVSS severity score of 9.4. Users are urged to update to the patched releases immediately to mitigate the risk. https://thehackernews.com/2026/02/critical-n8n-flaw-cve-2026-25049.html