
Exploit Code Published for Critical Flowise RCE Vulnerability
Obsidian Security disclosed a critical remote code execution flaw in Flowise, an open‑source LLM workflow platform, tracked as CVE‑2026‑40933 with a CVSS score of 9.9. The vulnerability originates from unsafe serialization of stdio commands in Anthropic’s MCP protocol, allowing any user who can import a chatflow to execute arbitrary OS‑level commands. Exploitation can grant root privileges in self‑hosted deployments, exposing credentials and connected services. Flowise Cloud is unaffected because stdio MCP is disabled, but versions before 3.1.0 remain vulnerable.

In Other News: Trump Mobile Data Breach, FIFA World Cup Phishing, CISA Responds to Supply Chain Attacks
SecurityWeek’s weekly roundup highlights a wave of high‑profile cyber incidents. A third‑party breach at Trump Mobile exposed customer contact data, while a Russian state‑sponsored APT gained deep access to Treasury email accounts. Vulnerabilities in popular tools such as VS Code Remote‑SSH, Veeam,...

Chrome 148 Update Patches 151 Vulnerabilities
Google rolled out Chrome 148, patching 151 vulnerabilities, including 22 critical‑severity flaws. The most severe, CVE‑2026‑9872 and CVE‑2026‑9873, earned $43,000 each in bug‑bounty rewards. Use‑after‑free bugs dominate the critical set, posing remote‑code‑execution and sandbox‑escape risks. Google disclosed over $130,000 in payouts and...

‘SymJack’ Attack Turns AI Coding Agents Into Supply Chain Attack Delivery Systems
Adversa AI unveiled the SymJack attack, which hijacks symlinks in AI‑driven coding agents to embed a malicious command‑and‑control server. By compromising the agent’s repository and inserting a disguised cp command, the payload silently registers the attacker’s server, allowing code execution...

Open Source DockSec Uses AI to Cut Through Vulnerability Noise in Docker Images
DockSec, an open‑source tool created by Advait Patel, combines existing scanners—Trivy, Hadolint, and Docker Scout—with large language models to filter duplicate CVEs and generate concrete remediation instructions. The LLM, selectable from OpenAI, Anthropic, Google Gemini or a local Ollama instance,...

Ghost CMS Vulnerability Exploited to Hack Over 700 Websites
A SQL injection flaw (CVE‑2026‑26980) in the Ghost content management system was patched in February 2026, but attackers began exploiting it in early May. The vulnerability allowed unauthenticated actors to harvest Admin API keys and inject malicious JavaScript, leading to...

266,000 Affected by Data Breach at Radiology Associates of Richmond
Radiology Associates of Richmond disclosed a data breach that compromised protected health information for approximately 266,000 individuals. The intrusion began around July 25, 2025, was contained with external cybersecurity help, and a forensic investigation concluded on April 6, 2026. On May 21 the firm mailed...

‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains
Security researcher ADAMnetworks has identified a new CDN‑based vulnerability called Underminr, a variant of domain fronting that lets attackers present a trusted SNI and Host while the request is routed to a different tenant’s IP. The technique exploits mismatches between...

Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure
Drupal warned that attackers are already probing the newly disclosed CVE‑2026‑9082, a highly critical SQL‑injection flaw in its database‑sanitization API. The vulnerability, which affects only PostgreSQL‑backed sites, was patched on May 20 but has triggered more than 15,000 exploitation attempts across...

Supply Chain Security Crisis: Too Many Vulnerabilities, Too Little Visibility
Black Kite’s 2026 Supply Chain Vulnerability Report warns that the sheer volume of new CVEs and shrinking time‑to‑exploit have created a visibility crisis for enterprises. In 2025 more than 48,000 CVEs were disclosed, yet only 58 were deemed truly exploitable...

Anthropic Silently Patches Claude Code Sandbox Bypass
Anthropic quietly fixed a critical sandbox bypass in Claude Code that could have let attackers route traffic around the allowlist proxy and exfiltrate data. The flaw, a SOCKS5 hostname null‑byte injection, existed from the service’s public launch on October 20,...

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack
A new Mini Shai‑Hulud supply‑chain campaign compromised the NPM maintainer account atool, flooding more than 320 NPM packages—including the popular timeago.js and echarts‑for‑react—with malicious versions. The malicious payloads include install‑time code that reads GitHub Actions runner memory, harvests credentials from over 130...

Caught Off Guard: Securing AI After It Hits Production
Enterprises are rapidly moving AI prototypes into production without involving security teams, leaving them vulnerable to surprise attacks. The article argues that security must shift from reactive firefighting to strategic, early‑stage engagement across the software development lifecycle. It outlines practical...

Real-World ICS Security Tales From the Trenches
Industrial control system (ICS) security is far messier than policy manuals suggest, as real‑world incidents reveal persistent APT threats, ill‑suited IT tools, and default‑credential exposures. FortiGuard uncovered an undocumented n‑day vulnerability used by an Iranian‑linked actor to maintain footholds in...

Millions Impacted Across Several US Healthcare Data Breaches
Several U.S. healthcare providers disclosed massive data breaches that together affect millions of patients. The New York City Health and Hospitals Corporation reported a breach compromising 1.8 million records, while Erie Family Health Centers, Florida Physician Specialists, Coastal Carolina Health Care,...