The Hacker News

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

CVE-2025-59528 exploited in Flowise for over six months across 12,000+ exposed instances, enabling full system compromise.

Max severity Flowise RCE vulnerability now exploited in attacks

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...

How North Korean hackers used fake Teams updates to compromise the Axios library

It's unclear how widespread the damage is from the recent axios hack involving North Korean malware, Microsoft Teams, Slack, ...
Silicon Canals

One maintainer, one compromised laptop: How North Korean hackers hijacked the Axios open source project

In early April 2025, security researchers confirmed that North Korean state-sponsored hackers had successfully compromised the Axios HTTP library. It is one ...
Silicon CanalsOpinion

A single maintainer, a fake company, and a three-hour window: inside the Axios supply chain hijack

The most widely used JavaScript HTTP library on the internet — embedded in millions of production applications, relied on by ...
News.az

The flowise AI crisis: why 12,000+ exposed servers are a hacker's playground

Threat actors are exploiting a maximum-severity security flaw in Flowise, an open-source artificial intelligence (AI) ...
Cyber Daily

Act now! Fortinet responds to actively exploited critical zero-day, CVE-2026-35616

Attackers are already targeting a vulnerability in Fortinet’s FortiClient EMS, with the company rushing out an Easter hotfix to get ahead of the hackers.

Hackers Turned Anthropic's Claude Code Leak into a Malware Lure

The post Hackers Turned Anthropic's Claude Code Leak into a Malware Lure appeared first on Android Headlines.
InfoQ

Anthropic Accidentally Exposes Claude Code Source via npm Source Map File

Anthropic's Claude Code CLI had its full TypeScript source exposed after a source map file was accidentally included in ...