CSO Online

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...

Max severity Flowise RCE vulnerability now exploited in attacks

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...

FortiClient EMS: Critical code-injection vulnerability is being exploited

Fortinet has provided hotfixes and strongly advises admins to apply them quickly. They patch an exploited code-injection ...
Infosecurity Magazine

How Security Leaders Can Safeguard Against Vibe Coding Security Risks

Infosecurity outlines key recommendations for CISOs and security teams to implement safeguards for AI-assisted coding ...

CISA adds second critical flaw in Ivanti EPMM to exploited vulnerabilities catalog

CISA set a deadline of April 11 for federal civilian executive branch agencies to mitigate their environments. Ivanti first ...

CMS Grants Fresenius Kabi COVID-19 Indication-Specific HCPCS Codes for Tyenne® (tocilizumab-aazg)

Fresenius Kabi, a part of Fresenius, and a leading provider of essential medicines and medical technologies, announced today that the Centers for Medicare & Medicaid Services has issued ...

Top open source AI platform Flowise hit by maximum-level security issue

Flowise AI platform carried CVSS-10 arbitrary code flaw Vulnerability in CustomMCP node exploited in the wild Up to 15,000 ...
The Hacker News

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

CVE-2025-59528 exploited in Flowise for over six months across 12,000+ exposed instances, enabling full system compromise.

Draft target could serve as the Cowboys new linebacking punisher

The Dallas Cowboys linebacker room remains a giant work in progress. The team has attempted to add veterans in recent years ...
InfoWorld

Microsoft’s new Agent Governance Toolkit targets top OWASP risks for AI agents

The open-source project maps directly to OWASP’s top 10 agentic AI threats, aiming to curb issues like prompt injection, ...
InfoWorld

How Agile practices ensure quality in GenAI-assisted development

AI lets you code at warp speed, but without Agile "safety nets" like pair programming and automated tests, you're just ...
The Hacker News

Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices

Masjesu botnet drives global DDoS attacks since 2023, with nearly 50% traffic from Vietnam, threatening enterprises and IoT ...