CSO Online

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...

Top open source AI platform Flowise hit by maximum-level security issue

Flowise AI platform carried CVSS-10 arbitrary code flaw Vulnerability in CustomMCP node exploited in the wild Up to 15,000 ...

Max severity Flowise RCE vulnerability now exploited in attacks

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...
GovInfoSecurity

Backdooring of JavaScript Library Axios Tied to North Korea

A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...
The Hacker News

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

CVE-2025-59528 exploited in Flowise for over six months across 12,000+ exposed instances, enabling full system compromise.

RxDB 17: Sync without server, access for AI agents

The open-source database RxDB 17 now synchronizes data directly via Google Drive or OneDrive – developers no longer need ...
Developer Tech

Axios npm attack causes JavaScript supply chain chaos

Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million ...

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
QueertyOpinion

Grindr servers in Texas crash moments after Benny Johnson takes the stage at CPAC

Another Republican event, another Grindr outage. At this point, it’s almost old news: every time conservatives get together ...
Dark Reading

Axios NPM Package Compromised in Precision Attack

The NPM package for Axios, a popular JavaScript HTTP client library, was briefly compromised this week, possibly by North ...