Critical Vulnerability In Flowise Allows Remote Command Execution Via MCP Adapters
A critical vulnerability in Flowise and multiple AI frameworks has been discovered by OX Security, exposing millions of users to remote code execution (RCE). The…
Month: April 2026
Cloud deployment firm Vercel breached, advises secrets rotation
Cloud application deployment platform Vercel said it has suffered a security incident that involves unauthorised access to some of its internal systems, and is advising…
Weak vs. Strong AI Rollouts
I get to see and help with a lot of Anterprise AI rollouts. Some are brilliant, but most (even in 2026) are surprisingly bad. I’ve…
Guide: How to Know if your ScreenConnect Server is Hacked
You’ve probably seen it by now, but there was a major ConnectWise ScreenConnect vulnerability (CVE-2024-1708 and CVE-2024-1709) – which we’re calling “SlashAndGrab” – that’s been…
Apple account change alerts abused to send phishing emails
Apple account change notifications are being abused to send fake iPhone purchase phishing scams within legitimate emails sent from Apple’s servers, increasing legitimacy and potentially…
Services Australia tips virtual desktop consolidation
Services Australia has signalled a potential consolidation of virtual desktop technology, both for the agency directly and to departments that it provides IT shared services…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 93
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape CPU-Z / HWMonitor watering hole infection…
Attacking MSSQL Servers, Pt. II
The Attack On February 8, 2024, Huntress published the first Attacking MSSQL Servers blog post. On February 23, a Huntress SOC analyst observed similar activity…
Vercel confirms breach as hackers claim to be selling stolen data
Cloud development platform Vercel has disclosed a security incident after threat actors claimed to have breached its systems and are attempting to sell stolen data.…
Cyber attacks fuel surge in cargo theft across logistics industry
Cyber attacks fuel surge in cargo theft across logistics industry Pierluigi Paganini April 19, 2026 Hackers infiltrate logistics firms to steal cargo and divert payments,…
Navigate SocGholish with Huntress | Huntress
In an era where cyber threats like SocGholish are becoming increasingly sophisticated, understanding and combating these attacks is crucial for digital safety. This post delves…
NIST to stop rating non-priority flaws due to volume increase
The National Institute of Standards and Technology will stop assigning severity scores to lower-priority vulnerabilities due to the growing workload from rising submission volumes. Starting…