Langflow RCE exploited, JDY botnet expands U.S. military targeting, npm security hardened
ID: 9e3fabd4-1ba8-585a-8b72-7f3aed4abce7
STIX ID: report--9e3fabd4-1ba8-585a-8b72-7f3aed4abce7
Feed Name: defend.network – Daily Threat Briefings
Two threats are immediate high priorities: active exploitation of an unpatched Langflow path-traversal vulnerability (CVE-2026-5027) that enables unauthenticated RCE, and the expansion of the China-linked JDY botnet to 1,500+ SOHO/IoT devices targeting U.S. military networks. The briefing also notes CISA additions to the KEV catalog (including CVE-2026-20245), GitHub/npm security hardening to counter supply-chain worms, and a new federal requirement to remediate critical vulnerabilities within 3 days. Recommended actions include isolating internet-facing Langflow instances, scanning and monitoring for JDY indicators, cross-referencing assets with CISA KEV, auditing npm dependencies, and validating patch SLAs.
