CSO Online

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...
Dark Reading

Grafana Patches AI Bug That Could Have Leaked User Data

By hiding malicious instructions on an attacker-controlled Web page, AI could ingest orders as benign and return sensitive ...

Max severity Flowise RCE vulnerability now exploited in attacks

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...
CSO Online

Zero‑click Grafana AI attack can enable enterprise data exfiltration

By combining indirect prompt injection with client-side bypasses, attackers can force Grafana to leak sensitive data through routine image requests.
SecurityWeek

Google DeepMind Researchers Map Web Attacks Against AI Agents

Threat actors can use malicious web content to set up AI Agent Traps and manipulate, deceive, and exploit visiting autonomous ...

'Hundreds of thousands of stolen secrets could potentially be circulating as a result of these recent attacks': Google says North Korean hackers behind major attack on Axi…

Google Threat Intelligence Group warns of active supply chain attack on npm’s Axios library Malicious dependency ...
SecurityWeek

Axios NPM Package Breached in North Korean Supply Chain Attack

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.
Cryptopolitan

Supply chain attack on Axios could compromise crypto wallets

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...
The Hacker News

Claude Extension Flaw Enabled Zero-Click XSS Prompt Injection via Any Website

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...
Live Science

A single injection of mRNA-like treatment healed heart muscle after a heart attack in mice and pigs. Could it work in humans too?

Researchers boosted levels of a heart-healing hormone in mice and pigs with a single injection of a new, experimental form of self-amplifying RNA that prolonged hormone synthesis for many weeks. When ...
SD Times

Direct Prompt Injection: How Attackers Manipulate LLM Input

Value stream management involves people in the organization to examine workflows and other processes to ensure they are deriving the maximum value from their efforts while eliminating waste — of ...