Threat actors have started exploiting CVE-2025-59528, a critical Flowise vulnerability leading to remote code execution.
GlassWorm uses a fake WakaTime VS Code extension to infect IDEs, deploy RATs, and steal data, prompting urgent credential ...
The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...
The Internet Bug Bounty program has paused new submissions, citing a massive expansion in vulnerability discovery by AI code ...
As enterprises rely more heavily on AI technologies and services, attackers’ living-off-the-land techniques have evolved to ...
A data breach at the city attorney's office led to a massive cache of LAPD files being dumped online. Here's what we know ...
PM This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.
The North Korean threat actor behind the Axios supply chain attack has been targeting high-profile Node.js maintainers.
Anthropic's Claude Code CLI had its full TypeScript source exposed after a source map file was accidentally included in ...
A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.
A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results