CSO Online

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...
ZDNet

Tor team warns of Tor Browser bug that runs JavaScript on sites it shouldn't

I wore the world's first HDR10 smart glasses TCL's new E Ink tablet beats the Remarkable and Kindle Anker's new charger is one of the most unique I've ever seen Best laptop cooling pads Best flip ...
The Hacker News

Adobe Patches Actively Exploited Acrobat Reader Flaw CVE-2026-34621

Adobe patches CVE-2026-34621 after active exploitation since Dec 2025, preventing remote code execution via malicious PDFs.
Security Boulevard

Fuzzing to Zero-Day: Pwning V8CTF With TurboFan Type Confusion, CVE-2025-2135

The bug was assigned CVE-2025-2135, and we successfully used it to pwn Google’s V8CTF as a zero-day. The root cause lies in TurboFan’s InferMapsUnsafe() function, which fails to handle aliasing when ...
CSOonline

Contagious Interview turns VS Code into an attack vector

Threat actors behind the campaign are abusing Microsoft Visual Studio Code’s trusted workflows to execute and persist malicious code. Threat actors behind the long-running Contagious Interview ...
InfoWorld

Microsoft enlists Mozilla to speed up JavaScript in Windows 10

Microsoft is looking to improve Web performance in Windows 10 by bringing in Mozilla’s asm.js JavaScript subset, for inclusion in Microsoft’s Chakra JavaScript engine. A post in the IEBlog Wednesday ...