InfoWorld

Flowise’s MCP implementation can run ghost commands

A 9.9-severity vulnerability in Flowise’s MCP stdio implementation can allow attackers to achieve remote code execution in self-hosted deployments.
The Hacker News

Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks

Ghost CMS flaw CVE-2026-26980 enabled attacks on 700+ sites, injecting ClickFix malware through fake CAPTCHA pages.

Tiger Data Launches Ghost, a Purpose-Built Database Service for the Agentic Era

Tiger Data, the team behind TimescaleDB and over a decade of Postgres engineering serving thousands of customers worldwide, today announced the general availability of Ghost, a database service ...
CSOonline

Internet Explorer may be dead, but its ghost still runs malware

Microsoft’s aging “mshta.exe” utility, a leftover component from Internet Explorer, is still being actively abused in modern malware campaigns years after the browser itself was retired. According to ...
The Hacker News

Microsoft Open-Sources RAMPART and Clarity to Secure AI Agents During Development

Microsoft has unveiled two new open-source tools called RAMPART and Clarity to assist developers in better testing the security of artificial intelligence (AI) agents. RAMPART, short for Risk ...
Dark Reading

Vulnerabilities & Threats

Explore the latest news and expert commentary on Vulnerabilities & Threats, brought to you by the editors of Dark Reading ...
GitHub

CoSama-Ai/CodeStacker-awesome-openclaw-skills

OpenClaw (previously known as Moltbot, originally Clawdbot... identity crisis included, no extra charge) is a locally-running AI assistant that operates directly on your machine. Skills extend its ...
GitHub

seanippolito/self-hosting-guide

APITable is an API-oriented low-code platform for building collaborative apps and better than all other Airtable open-source alternatives. Chisel Kubernetes Operator is a Kubernetes operator for ...