The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...
GlassWorm uses a fake WakaTime VS Code extension to infect IDEs, deploy RATs, and steal data, prompting urgent credential ...
A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...
Flowise AI platform carried CVSS-10 arbitrary code flaw Vulnerability in CustomMCP node exploited in the wild Up to 15,000 ...
The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...
CVE-2025-59528 exploited in Flowise for over six months across 12,000+ exposed instances, enabling full system compromise.
Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...
Developers using the axios package from npm may have downloaded a malicous version that drops a Remote Access Trojan ...
Threat actors have started exploiting CVE-2025-59528, a critical Flowise vulnerability leading to remote code execution.
On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
OpenClaw's Node for VS Code extension proved it can support a real local file-based workflow, but on Windows the experience still feels more like early infrastructure than finished tooling.
Researchers who identify and report bugs in open-source software will no longer be rewarded by the Internet Bug Bounty team.
Some results have been hidden because they may be inaccessible to you
Show inaccessible results