CSO Online

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...
The Hacker News

Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs

Iran-linked actors target U.S. PLCs using Dropbear and SSH access, disrupting OT systems across sectors and escalating cyber ...

Hackers compromise Axios npm package to drop cross-platform malware

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

Max severity Flowise RCE vulnerability now exploited in attacks

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...

Hacker hijacks Axios open-source project, used by millions, to push malware

A hacker inserted malware in Axios, an open-source web tool downloaded tens of millions of times weekly, in a widespread hack ...

Hackers compromise popular Axios Javascript library with hidden malware

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute ...

Hackers slipped a trojan into the code library behind most of the internet. Your team is probably affected

Attackers stole a long-lived npm token from the lead axios maintainer and published two poisoned versions that drop a ...

Alleged North Korean Hack Of US Companies Could Take 'Months' To Recover From

Discover the details of the North Korean hack on Axios software. We explain how the UNC1069 group is stealing US ...

Iranian-affiliated hackers target Rockwell-made devices

A Rockwell spokesperson said the company has been coordinating closely with government agencies in connection with the ...
The Hacker News

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

CVE-2025-59528 exploited in Flowise for over six months across 12,000+ exposed instances, enabling full system compromise.
Nextgov

North Korea-linked hackers suspected in Axios open-source hijack, Google analysts say

The full breadth of this incident is still unclear, but given the popularity of the compromised package, we expect it will ...
PCMag Australia on MSN

Hacker Tries to Spread Malware to Millions by Hitting 'Axios NPM' Software

Axios functions as pre-built software that a developer can easily incorporate into a JavaScript project. However, a hacker ...