Max severity Flowise RCE vulnerability now exploited in attacks

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...
CSO Online

Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how quickly a compromised package can propagate through the ecosystem.

Critical Nginx UI auth bypass flaw now actively exploited in the wild

A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full ...
InfoQ

Anthropic Accidentally Exposes Claude Code Source via npm Source Map File

Anthropic's Claude Code CLI had its full TypeScript source exposed after a source map file was accidentally included in ...
Iowa Public Radio

Here’s who's running for governor of Iowa in 2026

Voters will decide the Republican candidate for Iowa governor during the June 2 primary elections. State Auditor Rob Sand is running unopposed on the Democratic primary ballot. This story was ...
Milwaukee Journal Sentinel

Mailer in Germantown school election has one big problem

A political action committee sent mailers urging Germantown residents to re-elect a school board member who is not running. The mailers were paid for by the 1776 Project PAC, which is heavily funded ...

Entire Claude Code CLI source code leaks thanks to exposed map file

The entire source code for Anthropic’s Claude Code command line interface application (not the models themselves) has been ...
The Hacker News

April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

Critical SAP, Adobe, Fortinet, and Microsoft flaws disclosed in April Patch Tuesday, enabling RCE and data theft risks.
Microsoft

Cookie-controlled PHP webshells: A stealthy tradecraft in Linux hosting environments

Cookie-gated PHP webshells use obfuscation, php-fpm execution, and cron-based persistence to evade detection in Linux hosting ...
The Jerusalem Post Blogs

Iran pushes on Epstein conspiracies in information war with US, experts tell ‘Post’

Iranian officials and state-linked accounts are invoking the Jeffrey Epstein scandal in English-language posts aimed at Americans as part of a broader effort to inflame conspiracy narratives and erode ...