The Hacker News

Critical n8n Flaws Allow Remote Code Execution and Exposure of Stored Credentials

Two critical n8n flaws (CVSS 9.4, 9.5) enable RCE via expression sandbox escape and public forms, risking credential exposure.
GitHub

MCP Plexus: Secure, Multi-Tenant MCP Server Framework for Modern AI

Build powerful, scalable, and secure Model Context Protocol (MCP) applications with ease. MCP Plexus is a Python framework built on the robust jlowin/fastmcp (FastMCP 2.7) library, designed to empower ...
The Hacker News

Malicious npm Packages Harvest Crypto Keys, CI Secrets, and API Tokens

Cybersecurity researchers have disclosed what they say is an active "Shai-Hulud-like" supply chain worm campaign that has leveraged a cluster of at least 19 malicious npm packages to enable credential ...
Bleeping Computer

Hackers target Microsoft Entra accounts in device code vishing attacks

Once the user signs in, the device is able to get access tokens and refresh tokens as needed." This authentication flow is similar to what you see when logging into a streaming service, such as ...