Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks ...

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...

Threat actors can use malicious web content to set up AI Agent Traps and manipulate, deceive, and exploit visiting autonomous ...

A new report, The State of Biometric Security in the Age of AI Fraud, from Aware, Inc. (NASDAQ: AWRE), a global leader ...

It's not even your browser's fault.

North Korean hackers used an updated version of a known backdoor to target a popular npm package.

Flowise AI platform carried CVSS-10 arbitrary code flaw Vulnerability in CustomMCP node exploited in the wild Up to 15,000 ...

Axios 1.14.1 and 0.30.4 injected malicious plain-crypto-js@4.2.1 after npm compromise on March 31, 2026, deploying ...

A North Korea-nexus threat actor compromised the widely used axios npm package, delivering a cross-platform remote access ...

CVE-2025-59528 exploited in Flowise for over six months across 12,000+ exposed instances, enabling full system compromise.

Zero-days in .NET and SQL Server, and a handful of critical RCE bugs, form the nucleus of Microsoft’s March Patch Tuesday ...