InfoQ

GitHub Actions Custom Runner Images Reach General Availability

GitHub has just announced the availability of custom images for its hosted runners. They've finally left the public preview ...
CSO Online

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...
InfoWorld

GitHub Copilot CLI adds Rubber Duck review agent

Rubber Duck uses a second model from a different AI family to evaluate the primary agent’s plans, question assumptions, and ...

Max severity Flowise RCE vulnerability now exploited in attacks

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...
InfoQ

Anthropic Accidentally Exposes Claude Code Source via npm Source Map File

Anthropic's Claude Code CLI had its full TypeScript source exposed after a source map file was accidentally included in ...
Dark Reading

AI-Assisted Supply Chain Attack Targets GitHub

PRT-scan is the second campaign in recent months where a threat actor has leveraged AI for automated targeting of a ...
Microsoft

Inside an AI‑enabled device code phishing campaign

A new wave of device code phishing shows how threat actors are scaling account compromise using AI and end‑to‑end automation.