CSO Online

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...

Max severity Flowise RCE vulnerability now exploited in attacks

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...

FortiClient EMS: Critical code-injection vulnerability is being exploited

Fortinet has provided hotfixes and strongly advises admins to apply them quickly. They patch an exploited code-injection ...
Infosecurity Magazine

How Security Leaders Can Safeguard Against Vibe Coding Security Risks

Infosecurity outlines key recommendations for CISOs and security teams to implement safeguards for AI-assisted coding ...

CISA adds second critical flaw in Ivanti EPMM to exploited vulnerabilities catalog

CISA set a deadline of April 11 for federal civilian executive branch agencies to mitigate their environments. Ivanti first ...

CMS Grants Fresenius Kabi COVID-19 Indication-Specific HCPCS Codes for Tyenne® (tocilizumab-aazg)

Fresenius Kabi, a part of Fresenius, and a leading provider of essential medicines and medical technologies, announced today that the Centers for Medicare & Medicaid Services has issued ...
SecurityWeek

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Within days of each other, Anthropic first leaked the source code to Claude Code, and then a critical vulnerability was found ...

Top open source AI platform Flowise hit by maximum-level security issue

Flowise AI platform carried CVSS-10 arbitrary code flaw Vulnerability in CustomMCP node exploited in the wild Up to 15,000 ...

Healing after a heart attack: New injection could help reverse damage

Columbia University scientists developed a two-step RNA therapy that may repair cardiovascular tissue after a heart attack by ...
The Hacker News

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

CVE-2025-59528 exploited in Flowise for over six months across 12,000+ exposed instances, enabling full system compromise.
CSO Online

Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both

A simple prompt sent Claude Code on a mission that uncovered major security vulnerabilities in popular text editors — and ...