Max severity Flowise RCE vulnerability now exploited in attacks

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...

AI agents found vulns in this popular Linux and Unix print server

Asim Viladi Oglu Manizada and his team of vulnerability hunting agents recently discovered two issues in CUPS, CVE-2026-34980 ...
Microsoft

Inside an AI‑enabled device code phishing campaign

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.

New Super Mario Bros Ace Trick Discovered After 40 Years To Break Speedrun Records

By meeting a specific set of conditions, including activating Second Quest, ACE can be achieved in Super Mario Bros. 1.

After 40 years, Super Mario Bros speedrunners discover the holy grail of glitches

"This glitch means we choose what code the game executes. You can basically make the game do whatever you want" ...
Hackaday

This Week In Security: The Supply Chain Has Problems

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...
Microsoft

Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments

Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting ...
CSO Online

Vim and GNU Emacs: Claude Code helpfully found zero-day exploits for both

A simple prompt sent Claude Code on a mission that uncovered major security vulnerabilities in popular text editors — and ...

Meta's new structured prompting technique makes LLMs significantly better at code review — boosting accuracy to 93% in some cases

This technique can be used out-of-the-box, requiring no model training or special packaging. It is code-execution free, which ...

Claude Code source leak reveals how much info Anthropic can hoover up about you and your system

For those who recall the debate surrounding Microsoft Recall not long ago, Claude Code's capture of activity is similar.
The Hacker News

WebRTC Skimmer Bypasses CSP to Steal Payment Data from E-Commerce Sites

WebRTC skimmer exploits PolyShell flaw since March 19, hitting 56.7% stores, enabling stealth data theft bypassing CSP.
MarketWatch

Xint Code Demonstrates Human-like Discovery and Prioritization of Business Logic Vulnerabilities, Analyzing Millions of Code Lines in Just Hours

Theori, a leader in offensive security research, today announced the commercial availability of Xint Code, the first completely LLM-native Static Application Security Testing (SAST) tool capable of ...