A critical flaw in Python tool Marimo was exploited within 10 hours of disclosure, researchers report, highlighting how quickly attackers are now turning vulnerability advisories into real-world ...

Marimo CVE-2026-39987 exploited within 10 hours of disclosure, enabling unauthenticated RCE and credential theft, emphasizing urgent patching needs.

A threat actor started exploiting CVE-2026-39987, an unauthenticated RCE vulnerability in Marimo, nine hours after public disclosure.

DPRK-linked actors use GitHub C2 and LNK phishing in South Korea, enabling persistent PowerShell control and data ...

Spread the loveIntroduction In a shocking revelation, Drift, a decentralized exchange operating on the Solana blockchain, disclosed that it fell victim to a staggering $285 million theft on April 1, ...

Anthropic is scrambling to contain the leak, but the AI coding agent is spreading far and wide and being picked apart.

There are plenty of drones (and other gadgets) you can buy online that use proprietary control protocols. Of course, ...

Four vulnerabilities in CrewAI could be chained together via prompt injection for sandbox escape, remote code execution, and ...

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver ...

The widely used Axios HTTP client library, a JavaScript component used by developers, was recently hacked to distribute ...

TeamPCP strikes again, with almost identical code to LiteLLM.

Washington — Iran-linked hackers on Friday claimed they had accessed FBI Director Kash Patel's personal email inbox, publishing photographs of the director and other documents to the internet. On ...