CSO Online

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...

CMS Grants Fresenius Kabi COVID-19 Indication-Specific HCPCS Codes for Tyenne® (tocilizumab-aazg)

Fresenius Kabi, a part of Fresenius, and a leading provider of essential medicines and medical technologies, announced today that the Centers for Medicare & Medicaid Services has issued ...

Max severity Flowise RCE vulnerability now exploited in attacks

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...
InfoWorld

How Agile practices ensure quality in GenAI-assisted development

AI lets you code at warp speed, but without Agile "safety nets" like pair programming and automated tests, you're just ...

Top open source AI platform Flowise hit by maximum-level security issue

Flowise AI platform carried CVSS-10 arbitrary code flaw Vulnerability in CustomMCP node exploited in the wild Up to 15,000 ...

FortiClient EMS: Critical code-injection vulnerability is being exploited

Fortinet has provided hotfixes and strongly advises admins to apply them quickly. They patch an exploited code-injection ...
Infosecurity Magazine

How Security Leaders Can Safeguard Against Vibe Coding Security Risks

Infosecurity outlines key recommendations for CISOs and security teams to implement safeguards for AI-assisted coding ...
SecurityWeek

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Within days of each other, Anthropic first leaked the source code to Claude Code, and then a critical vulnerability was found ...
The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...

Healing after a heart attack: New injection could help reverse damage

Columbia University scientists developed a two-step RNA therapy that may repair cardiovascular tissue after a heart attack by ...
The Hacker News

Masjesu Botnet Emerges as DDoS-for-Hire Service Targeting Global IoT Devices

Masjesu botnet drives global DDoS attacks since 2023, with nearly 50% traffic from Vietnam, threatening enterprises and IoT ...
InfoWorld

Microsoft’s new Agent Governance Toolkit targets top OWASP risks for AI agents

The open-source project maps directly to OWASP’s top 10 agentic AI threats, aiming to curb issues like prompt injection, ...