SecurityWeek

Critical Flowise Vulnerability in Attacker Crosshairs

Threat actors have started exploiting CVE-2025-59528, a critical Flowise vulnerability leading to remote code execution.
The Hacker News

GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

GlassWorm uses a fake WakaTime VS Code extension to infect IDEs, deploy RATs, and steal data, prompting urgent credential ...
CSO Online

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...
The Hacker News

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

PM This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.
Microsoft

Inside an AI‑enabled device code phishing campaign

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.
CSO Online

6 ways attackers abuse AI services to hack your business

As enterprises rely more heavily on AI technologies and services, attackers’ living-off-the-land techniques have evolved to ...
Developer Tech

AI code scanners halt Internet Bug Bounty payouts

The Internet Bug Bounty program has paused new submissions, citing a massive expansion in vulnerability discovery by AI code ...