Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...
Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...
CVE-2025-59528 exploited in Flowise for over six months across 12,000+ exposed instances, enabling full system compromise.
Flowise AI platform carried CVSS-10 arbitrary code flaw Vulnerability in CustomMCP node exploited in the wild Up to 15,000 ...
The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...
The UAT-10608 hacking group is using automated scanning and scripts to exploit React2Shell in a large-scale credential ...
On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
Within days of each other, Anthropic first leaked the source code to Claude Code, and then a critical vulnerability was found ...
Threat actors are exploiting a maximum-severity security flaw in Flowise, an open-source artificial intelligence (AI) ...
Cloudflare says dynamically loaded Workers are priced at $0.002 per unique Worker loaded per day, in addition to standard CPU and invocation charges ...
Axios, a widely used JavaScript HTTP client, was briefly distributed through npm in two malicious versions after a maintainer ...
Some results have been hidden because they may be inaccessible to you
Show inaccessible results