The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...

By hiding malicious instructions on an attacker-controlled Web page, AI could ingest orders as benign and return sensitive ...

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...

By combining indirect prompt injection with client-side bypasses, attackers can force Grafana to leak sensitive data through routine image requests.

Threat actors can use malicious web content to set up AI Agent Traps and manipulate, deceive, and exploit visiting autonomous ...

This is GlassWorm: a software supply chain attack that security researchers are calling one of the most sophisticated and ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

Google Threat Intelligence Group warns of active supply chain attack on npm’s Axios library Malicious dependency ...

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...