Two vulnerabilities in n8n’s sandbox mechanism could be exploited for remote code execution (RCE) on the host system.

CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.

Google DeepMind has added Agentic Vision to Gemini 3 Flash, enabling active image exploration through Python code execution with 5-10% quality improvements.