13-year-old bug in ActiveMQ lets hackers remotely execute commands

Security researchers discovered a remote code execution (RCE) vulnerability in Apache ActiveMQ Classic that has gone ...

Anyone can code with AI. But it might come with a hidden cost.

Apps and platforms allow novice and veteran coders to generate more code more easily, presenting significant quality and ...
SecurityWeek

Critical Flowise Vulnerability in Attacker Crosshairs

Threat actors have started exploiting CVE-2025-59528, a critical Flowise vulnerability leading to remote code execution.
The Hacker News

Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign

Over 1,000 exposed ComfyUI instances exploited via unauthenticated code execution, enabling Monero mining and botnet expansion.
Dark Reading

Automated Credential Harvesting Campaign Exploits React2Shell Flaw

An emerging threat cluster is exploiting vulnerable Web-exposed Next.js apps and using an automated tool to steal credentials ...
Infosecurity Magazine

How Security Leaders Can Safeguard Against Vibe Coding Security Risks

Infosecurity outlines key recommendations for CISOs and security teams to implement safeguards for AI-assisted coding ...

Techie Tonic: Two CISOs warn Axios breach changes supply chain trust model

Two CISOs dissect the Axios npm attack, revealing a self-erasing RAT, CI/CD compromise risks and why open-source software ...
TechJuice

Hackers Are Now Spreading Malware Using Claude Code Leak on GitHub

Hackers are exploiting Anthropic's accidental Claude Code source leak to distribute Vidar and GhostSocks malware through fake ...
The Hacker News

Microsoft Details Cookie-Controlled PHP Web Shells Persisting via Cron on Linux Servers

Cookie-gated PHP web shells enable persistent Linux RCE via cron-based re-creation, reducing detection in routine traffic ...
Hackaday

This Week In Security: The Supply Chain Has Problems

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...
IEEE

Determining software quality using code analysis metrics

Abstract: This paper addresses the evaluation of software quality through the use of code analysis metrics. Software quality is critical to ensuring functionality, reliability, and maintainability, ...