Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code. The ...

The threat actor infected victims with the Snow malware family – Snowbelt, Snowglaze, and Snowbasin – for persistent access.

VS Code extensions since Dec 21, 2025 fuel GlassWorm v2, installing cross-IDE malware and stealing credentials.

CVE-2026-5752 CVSS 9.3 flaw in Terrarium enables root code execution via Pyodide prototype traversal, risking container ...

A 10/10 Flowise bug was patched, but is now being abused in the wild.

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

An internal Google memo, first circulated in early April 2026 and since described by multiple people familiar with its ...

Some automakers used the Beijing auto show to demonstrate that they heard Beijing’s message on strategic innovation loud and ...

Node.js does not need more theatrical security output. It needs better developer workflow infrastructure. It needs tools that ...

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...

This week, a "Raccoon"-linked actor hit help desks, Eurail exposed 308K users, Fortinet patched critical flaws, Pushpaganda ...

Two phishing campaigns, each using a different stealthy infection technique, are targeting organizations in attacks which aim ...