Max severity Flowise RCE vulnerability now exploited in attacks

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...
Bleeping Computer

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. One malicious ...
The TyeeOpinion

Governments Need to Ensure that MAID Safeguards Don’t Harm Individuals

A common assumption is that restricting eligibility reduces risk of premature access or errors in assessing cases. But for ...
The TyeeOpinion

The UCP Tried to Kill a Health Story with Claims That Didn’t Stand Up

This story was originally published by the Investigative Journalism Foundation and was made possible by the Local Journalism ...
SecurityWeek

Critical Flowise Vulnerability in Attacker Crosshairs

Threat actors have started exploiting CVE-2025-59528, a critical Flowise vulnerability leading to remote code execution.

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a cross-platform RAT. Axios sits in 80% of cloud environments. Huntress confirmed ...
The Hacker News

Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs

Iran-linked actors target U.S. PLCs using Dropbear and SSH access, disrupting OT systems across sectors and escalating cyber ...
Tech Times

How React Native Mobile Transforms iOS and Android App Development with Expo CLI and React Native CLI

Learn how React Native Mobile simplifies iOS and Android app creation using the versatile mobile app framework with Expo CLI ...

Patch Now: Chrome Flaw Under Active Attack, Google Confirms

Google patches 21 Chrome vulnerabilities, including an actively exploited zero-day flaw that could enable code execution and ...

PM warns Travelodge CEO to 'seriously engage' with MPs after 'appalling' hotel sex attack

Sir Keir Starmer's letter to Jo Boydell comes in response to a man being jailed for sexually assaulting a guest after staff gave him access to her room.
The Hacker News

GlassWorm Campaign Uses Zig Dropper to Infect Multiple Developer IDEs

GlassWorm uses a fake WakaTime VS Code extension to infect IDEs, deploy RATs, and steal data, prompting urgent credential ...
The Caledonian-Record

Pantheon Resources PLC Announces Granting Restricted Stock Units and Blocklisting Application

LONDON, UK / ACCESS Newswire / April 13, 2026 / Pantheon Resources plc ("Pantheon" or the "Company"), the oil and gas company ...