Max severity Flowise RCE vulnerability now exploited in attacks

Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for ...

LinkedIn secretly scans for 6,000+ Chrome extensions, collects data

A new report dubbed "BrowserGate" warns that Microsoft's LinkedIn is using hidden JavaScript scripts on its website to scan ...
Hackaday

Hackaday Links: March 29, 2026

Whether it’s a new couch or a rare piece of hardware picked up on eBay, we all know what it feels like to eagerly await a delivery truck. But the CERN researchers involved in a delivery ...
CNBC

OpenAI to create desktop super app, combining ChatGPT app, browser and Codex app

OpenAI will combine its web browser, ChatGPT app and Codex app into a singular desktop super app. Fidji Simo, OpenAI's CEO of Applications, will oversee the change with assistance from OpenAI ...
Visual Studio Magazine

Visual Studio Code 1.112 Adds Integrated Browser Debugging, More Copilot CLI Control

VS Code 1.112 shipped March 18 with expanded Copilot agent autonomy controls. A new Autopilot permission level lets Copilot CLI run tasks without user approval dialogs. MCP server sandboxing restricts ...
Ars Technica

Switch 2’s new “Handheld Mode Boost” can run original Switch games at 1080p

The Nintendo Switch 2’s backward-compatibility with Switch games is generally pretty good, and a few games have gotten patches from their developers to allow them to take advantage of the higher ...
Ars Technica

Supply-chain attack using invisible code hits GitHub and other repositories

Researchers say they’ve discovered a supply-chain attack flooding repositories with malicious packages that contain invisible code, a technique that’s flummoxing traditional defenses designed to ...