CSO Online

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...
The Hacker News

Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign

Over 1,000 exposed ComfyUI instances exploited via unauthenticated code execution, enabling Monero mining and botnet expansion.

Y Combinator’s CEO says he ships 37,000 lines of AI code per day. A developer looked under the hood

After Garry Tan touted his agentic coding output, a developer found inefficiencies, code bloat, and rookie mistakes lurking ...

Hackers compromise popular Axios Javascript library with hidden malware

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute ...
GitHub

NVIDIA Claude Code Proxy

NVIDIA Claude Code Proxy is an open-source project that enables developers to use the powerful Claude Code CLI tool with NVIDIA's extensive model catalog through the NVIDIA API Catalog. By routing ...
Bleeping Computer

AppsFlyer Web SDK hijacked to spread crypto-stealing JavaScript code

The AppsFlyer Web SDK was temporarily hijacked this week with malicious code used to steal cryptocurrency in a supply-chain attack. The payload can intercept cryptocurrency wallet addresses entered on ...
GitHub

[BUG] Cowork Windows: API unreachable behind corporate proxy — regression from working state (was working until Feb 26, 2026)

2026-03-09 16:12:40 [error] [growthbook] fetch failed: Error: net::ERR_PROXY_CONNECTION_FAILED 2026-03-09 16:12:40 [error] [SkillsPlugin] Sync failed: net::ERR_PROXY_CONNECTION_FAILED 2026-03-10 18:03 ...
Ars Technica

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...