Security News This Week: Moltbook, the Social Network for AI Agents, Exposed Real Humans’ Data

Plus: Apple’s Lockdown mode keeps the FBI out of a reporter’s phone, Elon Musk’s Starlink cuts off Russian forces, and more.
SecurityWeek

Critical N8n Sandbox Escape Could Lead to Server Compromise

A critical n8n flaw could allow attackers to use crafted expressions in workflows to execute arbitrary commands on the host.
InfoWorld

Beyond NPM: What you need to know about JSR

Here's how the JavaScript Registry evolves makes building, sharing, and using JavaScript packages simpler and more secure ...

Critical n8n flaws disclosed along with public exploits

Multiple critical vulnerabilities in the popular n8n open-source workflow automation platform allow escaping the confines of ...
InfoWorld

Google unveils API and MCP server for developer documentation

Developer Knowledge API and Model Context Protocol server. Together connect AI agents to Google’s developer and Google Cloud ...

Critical React Native Metro dev server bug under attack as researchers scream into the void

Too slow react-ion time Baddies are exploiting a critical bug in React Native's Metro development server to deliver malware ...
SecurityWeek

Cryptominers, Reverse Shells Dropped in Recent React2Shell Attacks

The majority of the 1.4 million React2Shell exploitation attempts GreyNoise saw in a week deployed cryptominers and reverse ...

Verifying Gaza footage after 20 reported killed in Israeli strikes

Our verification team have been analysing new footage of body bags and mourners in Gaza after at least 20 Palestinians were ...

5 Leading Legacy Software Modernization Companies for Enterprise Transformation

Devox, founded in 2018, may be the youngest here, but its 92% NPS and 5-star Clutch score tell a story. The firm blends legacy refactor work with financial transparency systems that track cloud costs, ...
The Hacker News

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.

Google’s Mueller Calls Markdown-For-Bots Idea ‘A Stupid Idea’

Google Search Advocate John Mueller pushed back on the idea of serving raw Markdown files to LLM crawlers, raising technical concerns on Reddit and calling the concept “a stupid idea” on Bluesky.