Dark Reading

AI-Led Remediation Crisis Prompts HackerOne to Pause Bug Bounties

Discovery used to be the bottleneck for open source bugs, but with automated discovery, remediation's the bottleneck, which ...

Top open source AI platform Flowise hit by maximum-level security issue

A 10/10 Flowise bug was patched, but is now being abused in the wild.

TuxCare Expands Endless Lifecycle Support to Ruby 3.2, Node.js 20, and Django 4.2 Amid Critical End-of-Life Deadlines

New ELS offerings ensure continuous security patching and operational stability for widely used development frameworks ...
CSO Online

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...
TMCnet

PyTorch Foundation Announces Safetensors as Newest Contributed Project to Secure AI Model Execution

Safetensors is welcomed into the PyTorch Foundation to secure model distribution and build trusted agentic solutions. PARIS, ...
Developer Tech

AI code scanners halt Internet Bug Bounty payouts

The Internet Bug Bounty program has paused new submissions, citing a massive expansion in vulnerability discovery by AI code ...
The Hacker News

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

CVE-2025-59528 exploited in Flowise for over six months across 12,000+ exposed instances, enabling full system compromise.
Dark Reading

Automated Credential Harvesting Campaign Exploits React2Shell Flaw

An emerging threat cluster is exploiting vulnerable Web-exposed Next.js apps and using an automated tool to steal credentials ...
Windows Report

Hackers Breached Axios npm by Impersonating Companies and Hijacking Maintainer Access

Hackers infiltrated Axios maintainers using fake Slack channels and Teams calls, then published infected packages.
SecurityWeek

Guardarian Users Targeted With Malicious Strapi NPM Packages

A threat actor has used 36 malicious NPM packages posing as Strapi plugins to distribute malware targeting Redis, Docker, and ...
SecurityWeek

North Korean Hackers Target High-Profile Node.js Maintainers

The North Korean threat actor behind the Axios supply chain attack has been targeting high-profile Node.js maintainers.

Axios npm hack used fake Teams error fix to hijack maintainer account

The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers ...