CVE-2025-59528 exploited in Flowise for over six months across 12,000+ exposed instances, enabling full system compromise.
Threat actors have started exploiting CVE-2025-59528, a critical Flowise vulnerability leading to remote code execution.
The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...
Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...
A supply-chain attack backdoored versions of Axios, a popular JavaScript library that's present in many different software ...
ENVIRONMENT: A global leader in safety and industrial technology is driving the next generation of cloud-based IoT solutions, connecting industrial systems, sensors, and devices into scalable, ...
The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...
The UAT-10608 hacking group is using automated scanning and scripts to exploit React2Shell in a large-scale credential ...
M stolen after six-month DPRK social engineering campaign began fall 2025, exposing Drift’s contributors and cloud assets.
The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute ...
一些您可能无法访问的结果已被隐去。
显示无法访问的结果