PM This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.

The design flaw in Flowise’s Custom MCP node has allowed attackers to execute arbitrary JavaScript through unvalidated ...

MCP is the MVP.

Infosecurity outlines key recommendations for CISOs and security teams to implement safeguards for AI-assisted coding ...

Build your first fully functional, Java-based AI agent using familiar Spring conventions and built-in tools from Spring AI.

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...

A cyber attack hit LiteLLM, an open-source library used in many AI systems, carrying malicious code that stole credentials ...

Cloudflare says dynamically loaded Workers are priced at $0.002 per unique Worker loaded per day, in addition to standard CPU ...

A vulnerability in the telnetd of GNU Inetutils allows attackers from the network to inject malicious code – without prior authentication. An update to patch the security hole is not yet available.

Search the term "peptides" and a long list of online retailer options will pop up. You'll be offered vials of molecules with funky names that sound like exoplanets: GHK-CU, CJC12-95, Thymosin Beta-4.