Max severity Flowise RCE vulnerability now exploited in attacks

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...
Microsoft

SOHO router compromise leads to DNS hijacking and adversary-in-the-middle attacks

Executive summary Forest Blizzard, a threat actor linked to the Russian military, has been compromising insecure home and ...
Developer Tech

Axios npm attack causes JavaScript supply chain chaos

Security teams are grappling with a major supply chain attack on Axios, a popular JavaScript library with over 100 million ...

Google Issues Zero-Day Attack Alert For 3.5 Billion Chrome Users

Google has issued an update alert for 3.5 billion Chrome browser users following confirmation of a new zero-day attack ...
The Hacker News

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

UNC1069 compromised Axios 1.14.1 and 0.30.4 via social engineering, impacting 100M weekly downloads and exposing supply ...

Patch Now: Chrome Flaw Under Active Attack, Google Confirms

Google patches 21 Chrome vulnerabilities, including an actively exploited zero-day flaw that could enable code execution and ...
The New York Times

Trump Claims Military Success but Offers No Clear Timeline to End Fighting

In a 19-minute address from the White House, President Trump said the U.S. would hit Iran “extremely hard over the next two to three weeks,” but did not make any revealing announcements. Zolan ...