Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code.

The flaw allows injecting JavaScript code without any security checks and was publicly disclosed last September, with the warning that successful exploitation leads to command execution and file system access.

The problem is with the Flowise CustomMCP node allowing configuration settings to connect to an external Model Context Protocol (MCP) server and unsafely evaluating the mcpServerConfig input from the user. During this process, it can execute JavaScript without first validating its safety.

The developer addressed the issue in Flowise version 3.0.6. The latest current version is 3.1.1, released two weeks ago.

Flowise is an open-source, low-code platform for building AI agents and LLM-based workflows. It provides a drag-and-drop interface that lets users connect components into pipelines powering chatbots, automation, and AI systems.

It is used by a broad range of users, including developers working in AI prototyping, non-technical users working with no-code toolsets, and companies that operate customer support chatbots and knowledge-based assistants.

Caitlin Condon, security researcher at vulnerability intelligence company VulnCheck, announced on LinkedIn that exploitation of CVE-2025-59528 has been detected by their Canary network.

“Early this morning, VulnCheck’s Canary network began detecting first-time exploitation of CVE-2025-59528, a CVSS-10 arbitrary JavaScript code injection vulnerability in Flowise, an open-source AI development platform,” Condon warned.

Although the activity appears limited at this time, originating from a single Starlink IP, the researchers warned that there are between 12,000 and 15,000 Flowise instances exposed online right now.

However, it is unclear what percentage of those are vulnerable Flowise servers.

Condon notes that the observed activity related to CVE-2025-59528 occurs in addition to CVE-2025-8943 and CVE-2025-26319, which also impact Flowise and for which active exploitation in the wild has been observed.

Currently, VulnCheck provides exploit samples, network signatures, and YARA rules only to its customers.

Users of Flowise are recommended to upgrade to version 3.1.1 or at least 3.0.6 as soon as possible. They should also consider removing their instances from the public internet if external access is not needed.

Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.

This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.

Get Your Copy Now

The Berkeley biotech is backing a Nature-published approach that recreates the embryonic environment where blood stem cells first form, rather than reprogramming aged cells chemically or genetically. Its lead programme targets bone marrow transplant in blood cancers and has received FDA Orphan Drug Designation.

HexemBio has publicly launched with a $10.4 million seed round led by Draper Associates, with participation from SOSV, Seraphim, and other investors. The Berkeley and New York-based company is developing what it describes as the first blood stem cell rejuvenation therapy, built around a platform called the Synthetic Human Yolk Sac.

Rather than editing or chemically reprogramming aged haematopoietic stem cells, the technology temporarily places a patient’s own cells into a recreated version of the developmental environment where blood stem cells first emerge in the embryo, then returns them via standard IV infusion.

Haematopoietic stem cells sit deep in the bone marrow and give rise to every blood and immune cell in the human body. Their decline with age is linked to weakened immunity, chronic inflammation, and increased susceptibility to conditions including blood cancers and neurodegeneration.

Previous attempts to reverse this decline have typically involved transcription-factor reprogramming, cytokine treatments, or gene editing, approaches that can push cells into unstable states or carry safety risks HexemBio says its method sidesteps.

The Synthetic Human Yolk Sac recreates the microenvironment that generates the body’s first blood stem cells during early embryonic development. Foundational work supporting the platform was published in Nature in February 2024, by a team led by Mo Ebrahimkhani at the University of Pittsburgh, with Samira Kiani and Joshua Hislop among the authors. All three are now co-founders of HexemBio.

The company’s lead clinical programme targets bone marrow transplant in patients with blood cancers including acute myeloid leukaemia and acute lymphoblastic leukaemia.

HexemBio received FDA Orphan Drug Designation for this indication in July 2025 and completed its FDA Pre-IND meeting in January 2026. First-in-human trials are targeted for 2027.

Regulatory strategy focuses on bone marrow transplant outcomes because ageing itself is not currently recognised as a regulatory indication, a constraint that has shaped how several longevity-adjacent biotechs have structured their early clinical programmes.

The founding team spans MIT, UC Berkeley, Harvard, and Y Combinator. Gabriel Levesque Tremblay, a former YC founder and UC Berkeley postdoc, serves as CEO. Samira Kiani, a Presidential Early Career Award recipient who trained at MIT, is CTO.

Mo Ebrahimkhani, the inventor of the underlying technology and a pioneer in synthetic developmental biology, is CSO. Joshua Hislop, whose doctoral work contributed directly to the Nature publication, leads the company’s AI platform, which includes proprietary tools called YolkGPT and YolkScore. Samet Yildirim, a former YC founder with drug development experience at Boehringer Ingelheim, is chief business officer.

The advisory board includes Robert S. Langer, Institute Professor at MIT and co-founder of Moderna, who called the approach “fundamentally different from transcription-factor reprogramming or gene editing’ and said the early data were ‘extremely compelling.”

Further advisors include Peter Barton Hutt, former chief counsel of the FDA and current Moderna board member; Joanne Kurtzberg of Duke University, one of the leading bone marrow transplant clinicians in the US; David Harris, founder of the first public cord blood bank in the United States; Felipe Sierra, former director of the Division of Aging Biology at the NIH; Jens Nielsen, CEO of the BioInnovation Institute; and George Church, professor of genetics at Harvard Medical School and co-founder of Colossal Biosciences.

Seed funding will be used to complete IND-enabling studies and GMP manufacturing ahead of the 2027 trial target.

Google is sharpening its focus on mental health safety with a key update to its Gemini platform, introducing a “one-touch” crisis support feature designed to connect users with real-world help faster. The move is part of a broader push to ensure AI tools act responsibly in sensitive situations, especially when users may be experiencing distress.

At the core of this update is a redesigned safety mechanism that activates when Gemini detects signals of potential mental health crises, including self-harm or suicidal thoughts. Instead of continuing a standard AI conversation, the system shifts toward immediate intervention. Users are presented with a simplified interface that allows them to instantly reach out to professional support through calls, texts, live chat, or official crisis hotline websites.

What makes this approach notable is its persistence

Once the one-touch interface is triggered, access to crisis support remains visible throughout the conversation, ensuring users are continually encouraged to seek human help rather than relying solely on AI-generated responses. The design prioritizes urgency and ease of access, reducing friction at moments when quick action can be critical.

This update reflects a growing recognition that AI must do more than provide information – it must actively guide users toward safe outcomes. Google says the system has been developed in collaboration with clinical experts, ensuring that responses are structured to encourage help-seeking behavior without reinforcing harmful thoughts or actions.

Importantly, Gemini is also being trained to avoid validating dangerous beliefs or behaviors

Instead, it aims to gently redirect users, distinguish between subjective feelings and objective reality, and prioritize connections to real-world resources. This balance between responsiveness and restraint is central to the platform’s evolving safety framework.

The significance of this feature lies in its potential real-world impact. With over one billion people globally affected by mental health challenges, digital tools like Gemini are increasingly becoming the first points of contact during vulnerable moments. By embedding a one-touch pathway to professional support, Google is attempting to bridge the gap between online interaction and offline care.

For users, this means faster, more direct access to help when it matters most. The update reduces the burden of searching for resources and ensures that support options are presented clearly and immediately.

Looking ahead, Google plans to continue refining these guardrails through ongoing research, testing, and collaboration with mental health professionals. As AI becomes more integrated into everyday life, features like one-touch crisis support could play a crucial role in shaping how technology responds to human vulnerability – prioritizing safety, accountability, and real-world connection over convenience alone.

What we think

Google’s AI mental health features feel like a step in the right direction, especially with tools that quickly guide users toward real-world help. The one-touch crisis support and improved responses show a clear intent to prioritize safety over engagement.

But there’s an inherent limitation here – AI can assist, but it cannot replace human empathy, clinical judgment, or long-term care. For someone in distress, a well-timed prompt helps, but it’s not a solution. These tools work best as bridges, not endpoints. The real challenge is ensuring users don’t stop at AI interaction and actually reach professional support when it truly matters.

An international operation from law enforcement authorities in partnership with private companies has disrupted FrostArmada, an APT28 campaign hijacking local traffic from MikroTik and TP-Link routers to steal Microsoft account credentials.

The Russian threat group APT28, also tracked as Fancy Bear, Sofacy, Forest Blizzard, Strontium, Storm-2754, and Sednit, has been linked to Russia’s General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165.

In the FrostArmada attacks, the hackers compromised mainly small office/home office (SOHO) routers and altered the domain name system (DNS) settings to point to virtual private servers (VPS) under their control, which acted as DNS resolvers.

This allowed APT28 to intercept authentication traffic to targeted domains and steal Microsoft logins and OAuth tokens.

At its peak in December 2025, FrostArmada infected 18,000 devices across 120 countries, primarily targeting government agencies, law enforcement, IT and hosting providers, and organizations operating their own servers.

Microsoft, whose services were targeted by this campaign, worked together with Black Lotus Labs (BLL), Lumen’s threat research and operations division, to map the malicious activity and identify victims.

With support from the FBI, the U.S. Department of Justice, and the Polish government, the offending infrastructure has been taken offline.

FrostArmada activity

The attackers targeted internet-exposed routers, primarily MikroTik and TP-Link, as well as some firewall products from Nethesis and older Fortinet models.

Once compromised, the devices communicated with the attackers’ infrastructure and received DNS configuration changes that redirected traffic to malicious VPS nodes.

The new DNS settings were automatically pushed to internal devices via the Dynamic Host Configuration Protocol (DHCP).

When clients queried authentication-related domains the threat actor targeted, the DNS server returned the attacker’s IP instead of the real one, redirecting victims to an adversary-in-the-middle (AitM) proxy.

The only visible sign of fraud for the victim would have been a warning for an invalid TLS certificate, which could have easily been dismissed. However, ignoring the alert gave the threat actor access to the victim’s unencrypted internet communication.

“The actor essentially ran a proxy service as the AitM that the end user was directed to via DNS,” Lumen’s Black Lotus Labs researchers explain.

“The only sign of this attack would be a pop-up warning about connecting to an untrusted source because of the ‘break and inspect’ configuration.”

“If warnings were present and ignored or clicked through, the actor proxied requests to the legitimate services, collecting the data at the midpoint and collecting data associated with the targeted account by passing the valid OAuth token.”

In some cases, though, the hackers spoofed DNS responses for certain domains, thus forcing affected endpoints to connect to the attack infrastructures, Microsoft says in a report today.

Lumen reports that FrostArmada operated in two distinct clusters, one called the ‘Expansion team’ dedicated to device compromise and botnet growth, and the second handling the AiTM and credential collection operations.

The researchers report that FrostArmada activity increased sharply following an August 2025 report from the National Cyber Security Centre (NCSC) in the UK describing a Forest Blizzard toolset that targeted Microsoft account credentials and tokens.

Microsoft confirmed that APT28 carried out AitM attacks against domains associated with the Microsoft 365 service, as subdomains for Microsoft Outlook on the web have also been targeted.

Additionally, the company observed this activity on servers belonging to three government organizations in Africa that were not hosted on Microsoft infrastructure. In those attacks, “Forest Blizzard intercepted DNS requests and conducted follow-on collection.”

Black Lotus Labs also observed the threat actor targeting entities with on-premise email servers and “a small number of government organizations” in North Africa, Central America, and Southeast Asia.

The researchers note that “there was also a connection to a national identity platform in one European country.”

In a report today, the UK agency says that the AitM activity impacted both browser sessions and desktop applications, and the DNS hijacking is believed to have been opportunistic in nature to build a large pool of potential targets and then filtering those of interest.

Black Lotus Labs has published a small set of indicators of compromise for the VPS servers used during the FrostArmada campaign:

The researchers note that defenders should implement certificate pinning for corporate devices (laptops, mobile phones) controlled via an MDM solution, which would generate an error when the attacker tries to intercept and analyze traffic on their VPS infrastructure.

Another recommendation is to minimize the attack surface through patching, limiting exposure on the public web, and removing all end-of-life equipment.

Microsoft and the NCSC also provide a list of IoCs and protection guidance to help defenders identify and prevent DNS hijacking attacks.

Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.

This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.

Get Your Copy Now

Cloud services like Google Drive and iCloud are fantastic – they let me access my most important files from any device, anywhere – but the free storage is never enough. 

Google offers 15GB while Apple offers an even more paltry 5GB of storage – but even the biggest ‘free’ tier isn’t enough for the vast majority of users with thousands of photos and videos, countless files and more to keep safe. 

So what do you do? You start paying, of course. It starts off cheap with the lowest tier paid option – £1.59/$1.99 for 100GB, in the case of Google’s cloud storage – and that’s enough to tide you over. For a while, anyway. 

As sure as day follows night, over time, you’ll begin to fill all that storage space back up – even if you delete files you no longer need. Slowly, all those holiday snaps, videos of nights out, and even work documents, all add up.

And with both Google and Apple, it also includes storage linked to associated services like Gmail or iCloud, so any large files you receive in your inbox further add to your quota.

Again, you have no choice but to upgrade to the next tier of storage, which for Google, is 200GB for £2.49/$2.99 per month. That’s not bad, but go above that limit and you’ll face a massive jump not only in storage but also in monthly cost, at a whopping £7.99/$9.99 per month for 2TB. 

Like our growing storage needs, it adds up over time. That’s just under £96/$120 per year if you pay for the 2TB option monthly, just to store your files.

And so on, and so on. It’s a never-ending loop of filling up storage and paying for more. It’s either that or say goodbye to years of precious memories. 

Pay up, or lose access

The worst part about Google and Apple’s monopoly on the cloud storage market is that they don’t just handle storage – they’re central to the digital experience for many of us. Google, for example, handles not just Drive but Gmail, Docs, Sheets and more, while Apple similarly handles iCloud email, iMessage and the like.

That may not sound like a big problem – one subscription covers multiple apps, after all – but it is once you start running out of storage. 

Advertisement

Advertisement

No matter whether you’re in camp Apple or Google, if you run out of storage or miss a monthly payment, you don’t just lose the ability to upload new files to your cloud storage – it also locks you out of other services. 

That means no access to Gmail or iMessage if you don’t pay up, and those are pretty central to the online experience for many. 

That’s too much power for my liking – but what was I supposed to do? I have over 30,000 photos and 5,000 videos tied to my Google Drive account, as well as thousands of emails linked to my Gmail over the years. The answer was simple in the end; get a NAS drive.   

UGreen’s latest NAS is the perfect remedy

NAS drives were all the rage in computing before the days of cloud storage, offering oodles of local storage accessible via your home network. But despite a lull in interest over the past few years, the hardware is more capable than ever. 

Advertisement

That’s certainly the case with the UGreen NASync DH4300 Plus, which was released at the tail-end of 2025. 

Advertisement

The bigger brother to the DH2300, the DH4300 Plus is a four-bay SATA NAS drive that supports up to 120TB of storage – 30TB per drive – for frankly massive amounts of storage. It’s powered by an 8-core processor and sports 8GB of RAM to keep things running smoothly, and its 2.5GbE LAN port boasts transfer speeds of up to 312.5MB/s depending on your home setup. Safe to say, it’s a bit of a beast. 

But despite its intimidating spec sheet, it was an absolute breeze to set up; all I had to do was insert the HDDs, plug it into my router via the provided high-speed Ethernet cable and power it on. From there, everything else was handled via the UGreen NAS companion app, and setup took no more than a couple of minutes – a far cry from the early days of NAS drive networking setup. 

That’s when I could start, what I affectionately called Operation Get Away From Google Drive As Soon As Possible, or OGAFGDASAP. Catchy, I know.

Advertisement

Getting out from Google’s clutches

This part was surprisingly easy; thanks to EU rules (gotta love the Europeans), cloud storage providers like Google and Apple have to make it easy to either download all your data or transfer it to another (ideally cheaper) service. 

Advertisement

For me, that meant going to Google Takeout, selecting the data I wanted to download – my Google Photos library and my Drive contents – and requesting a download link. Once I had the link, I downloaded the (frankly massive) nearly 300GB of data on my PC, and extracted the ZIP files to my NAS drive via my home network. 

But why stop at Google? I also pay for iCloud storage for when I’m testing the best iPhones, and that isn’t all that often, so I repeated the process, this time with iCloud. 

Now, that did introduce a few issues – the biggest being duplicate photos where the images were backed up on both Apple and Google cloud servers – but UGreen likely anticipated this issue. There’s baked-in AI accessible via the companion app on both PC and mobile that lets you easily identify and delete duplicate photos. It cleared nearly 10,000 duplicate images for me in the space of a few minutes. 

Advertisement

Now, all I have to do is open the UGreen companion app on my phone, and all my photos and videos are there waiting for me, complete with features like custom folders and facial recognition we’ve come to expect from the big platforms. 

And despite being linked to my home network, I can access my files from anywhere with an internet connection via UGreen’s cloud service network. It doesn’t actually store your files in the cloud; rather, it just provides cloud-based access to the drive, which means you don’t need to faff around with port forwarding as you do with more basic drives. 

Advertisement

Not just for network storage either

Now the beauty of the UGreen NASync DH4300 Plus is that it’s not just for network storage. With a fairly powerful spec under the hood, the NAS drive can also run full apps that can massively expand what it can do.

It meant that, rather than splashing out £112 for a Home Assistant Green to get more advanced control over my smart home tech, I could install and run it directly from my NAS drive – with great results, might I add.

It’s not the only app either; there’s actually an app store accessible via the app that gives you access to a range of apps including a Google Docs, Sheets and Slides alternative called Online Office that you can access via browser from any PC, further reducing my reliance on Google’s cloud-based services. 

Advertisement

There’s also Docker support, so depending on your level of tech knowledge, you can run other custom apps directly from the NAS.

Advertisement

Yes, it’s an expensive upfront cost, but it’ll save you a lot in the long run, and with the UGreen DH4300 Plus specifically, there’s much more to it than simply acting as a way to back up your photos and videos. Goodbye, Google Drive. I definitely won’t miss you.