TuxCare Expands Endless Lifecycle Support to Ruby 3.2, Node.js 20, and Django 4.2 Amid ...

New ELS offerings ensure continuous security patching and operational stability for widely used development frameworks ...

Top open source AI platform Flowise hit by maximum-level security issue

A 10/10 Flowise bug was patched, but is now being abused in the wild.
CSO Online

Hackers exploit a critical Flowise flaw affecting thousands of AI workflows

The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...
至顶头条 on MSN

互联网漏洞悬赏计划暂停奖励发放

互联网漏洞赏金计划(IBB)宣布暂停提交与奖励发放,管理方HackerOne表示正在重新评估开源安全的处理方式。该计划自2012年运行至今,已累计奖励超150万美元。随着AI技术加速漏洞发现,漏洞报告数量大幅增加,但修复能力未能同步跟上,导致原有80%用于漏洞发现、20%用于修复的资金分配模式难以为继。Node.js等项目已受到影响,Google和Curl项目也相继对AI生成的漏洞提交设限。