Google Protocol Buffers flaw turns schemas into shells

Data security startup Cyera is finalising a funding round of at least $300 million led by Evolution Equity Partners at a $12 billion valuation, according to sources familiar with the deal — just five months after raising a $400 million Series F at a $9 billion valuation led by Blackstone. The new round would bring Cyera’s total […]

Researchers have spent more than 15 years picking apart Satoshi Nakamoto’s emails, code commits, and PDF metadata, and what they found rarely surfaces in mainstream coverage. Researchers have combed through white paper PDF metadata, source code commits, private emails, forum archives, and blockchain data to build a picture of Bitcoin’s creator that goes well beyond […]

The cybersecurity company is nearing a $300 million round led by Evolution Equity Partners.

Enterprises using the lightweight, open-source Flowise platform to power self-hosted AI workloads now have a new near-max-severity issue to worry about. Researchers at Obsidian Security have detailed a one-click remote code execution (RCE) vulnerability affecting self-hosted Flowise deployments through its implementation of Model Context Protocol (MCP) stdio servers. The problem is essentially a sandboxing failure of attacker-controlled MCP configurations, leading to server-side code execution. “Post-auth RCE in Flowise can be triggered with a single click via a malicious chatflow import before any save or run,” the researchers said in a blog post. “The official patch relies on input validation that is trivially bypassed and fails to address the root cause.” Flowise is commonly used to develop internal AI assistants, retrieval-augmented generation (RAG) applications, customer-facing chatbots, and autonomous agents connected to business systems. The flaw does not affect Flowise Cloud, a

A free OpenAI tool now lets users verify whether an image was generated by AI, using hidden watermarks and metadata that survive screenshots, edits, and format changes.

As AI coding assistants accelerate software development, one OWASP-backed open-source project is arguing that dependency security tooling still arrives too late to be truly useful. CVE Lite CLI, a JavaScript and TypeScript dependency vulnerability scanner focused on local lockfile analysis, is positioning itself around a simple idea. Developers should see dependency risks while they are still writing code, not hours later inside a failing CI pipeline. “What developers are missing is early feedback at the point where the dependency decision is made,” Sonu Kapoor, creator and maintainer of the project, told CSO. According to Kapoor, traditional CI-centric workflows often disconnect developers from the dependency choices that introduced risk in the first place. CVE Lite CLI scans npm, pnpm, and Yarn lockfiles using OSV vulnerability data and claims to focus heavily on remediation guidance, including separating direct and transitive vulnerabilities, validating upgrade targets, and recommen

Keyword search breaks the moment a user types something a document doesn't literally say.

Google is updating its AI-powered search experience to surface richer context alongside results, including previews from public online discussions, social media, and firsthand community sources. Links will now display additional metadata such as creator names and community handles to help users evaluate credibility before clicking. The update also highlights links from a user’s existing news […]