The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...

By combining indirect prompt injection with client-side bypasses, attackers can force Grafana to leak sensitive data through routine image requests.

Google Threat Intelligence Group warns of active supply chain attack on npm’s Axios library Malicious dependency ...

North Korean hackers published backdoored versions of the Axios NPM package using a compromised long-lived access token.

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...

Axios 1.14.1 and 0.30.4 injected malicious [email protected] after npm compromise on March 31, 2026, deploying ...

Claude extension flaw enabled silent prompt injection via XSS and weak allowlist, risking data theft and impersonation until ...

OpenAI details new 'Safe Url' defense system treating AI prompt injection like social engineering, with attacks succeeding 50% of the time before fixes. OpenAI published technical details on March 16 ...

AI assistants are rapidly becoming a core part of workplace productivity, but new research suggests they may also introduce a previously overlooked phishing vector. Permiso researchers found that ...

Researchers boosted levels of a heart-healing hormone in mice and pigs with a single injection of a new, experimental form of self-amplifying RNA that prolonged hormone synthesis for many weeks. When ...

Jordan Freiman is a news editor for CBSNews.com. He covers breaking news, trending stories, sports and crime. Jordan has previously worked at Spin and Death and Taxes. Senior Coordinating Producer, ...