AI & software security
- Flowise RCE shows AI builder risk
  A critical Flowise vulnerability shows how self-hosted AI builder tools can become infrastructure exposure through connectors, credentials, workflow imports, and server-side execution.
- Red Hat packages hit npm supply chain
  A reported Red Hat npm package compromise puts trusted namespaces, CI/CD publishing, cloud credentials, and developer secrets under fresh software supply-chain scrutiny.
- France flags enterprise patch pressure
  France’s cyber agency has flagged another heavy enterprise patch week, with infrastructure, identity, cloud, application, and security platforms all competing for risk-based remediation.
- MPs press FCA over Palantir data risk
  The FCA says its Palantir trial uses encrypted data under regulator control, but MPs and campaigners want clearer answers on US legal exposure, procurement dependency, and public-sector AI governance.
- Who governs machine-speed cyber defence?
  GCHQ’s AI defence case raises hard questions about how autonomy, oversight, private-sector data, procurement, and accountability will be governed in machine-speed cyber response.
- Microsoft exposes npm dependency campaign
  Microsoft has identified 33 malicious npm packages abusing dependency confusion. The campaign profiled developer environments and targeted the weak boundary between internal code and public package registries.
- GCHQ sets out AI defence case
  GCHQ has linked AI-enabled cyber defence to national resilience strategy. Its annual lecture placed cyber defence, data infrastructure, and public-service continuity inside the same strategic frame.





