The Hacker News

Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

CVE-2025-59528 exploited in Flowise for over six months across 12,000+ exposed instances, enabling full system compromise.

Mike Vrabel won't talk before NFL draft, but not due to Dianna Russini controversy

Patriots coach, who was photographed with reporter Dianna Russini at an Arizona resort in March, won't address topic before ...

When do drivers legally have to signal?

When it comes to signalling, the law sends mixed signals, but experts say for safety you should get in the habit of ...
The Hacker News

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

"The C2 hosts a web-based graphical user interface (GUI) titled 'NEXUS Listener' that can be used to view stolen information ...
SecurityWeek

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

The UAT-10608 hacking group is using automated scanning and scripts to exploit React2Shell in a large-scale credential ...

Max severity Flowise RCE vulnerability now exploited in attacks

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...
CSO Online

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...

Top open source AI platform Flowise hit by maximum-level security issue

Flowise AI platform carried CVSS-10 arbitrary code flaw Vulnerability in CustomMCP node exploited in the wild Up to 15,000 ...
New Age

Opposition lawmaker demands release of woman arrested over Facebook post

Opposition lawmaker Rafiqul Islam Khan on Tuesday criticised the arrest of a woman in Bhola over a Facebook post about the energy crisis, demanding her release and the withdrawal of the ...
The Register-Herald

A possible Frozen Four first: All 4 starting goalies are freshmen

Four freshman goalies will take the ice at the Frozen Four semifinals on Thursday at T-Mobile Arena in Las Vegas. The NCAA ...

Hackers exploit React2Shell in automated credential theft campaign

Hackers are running a large-scale campaign to steal credentials in an automated way after exploiting React2Shell ...
SecurityWeek

Critical Flowise Vulnerability in Attacker Crosshairs

Threat actors have started exploiting CVE-2025-59528, a critical Flowise vulnerability leading to remote code execution.