Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...
eWeek

Perplexity Launches ‘Personal Computer’ AI Assistant for Mac Users

Perplexity launches its “Personal Computer” AI assistant for Mac, enabling users to automate tasks across apps, files, and ...
The Hacker News

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

CVE-2026-5760 (CVSS 9.8) exposes SGLang via /v1/rerank endpoint, enabling RCE through malicious GGUF models, risking server ...
CSO Online

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

A single unauthenticated connection gives attackers a full shell; credential theft observed in under three minutes on honeypot servers.

Anthropic won't own MCP 'design flaw' putting 200K servers at risk, researchers say

A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into ...
DataBreachToday

Flurry of Supply-Chain Software Library Attacks

As supply-chain attacks against widely-used, open-source software repositories continue, experts are urging developers to not ...
iAfrica

Egyptian Startup Releases Open-Source AI Model That Outperforms Larger Global Rivals on Key Benchmarks

A Cairo-based artificial intelligence startup has released Horus 1.0-4B, a fully open-source large language model built in Egypt that outperforms several ...
CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...
The Hacker News

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture ...

Do not fall for this fake Windows update support site. It’s spreading a password-stealing malware

Malwarebytes warns that a fake Microsoft support site is distributing password-stealing malware through a spoofed Windows update installerThe Latest Tech News, Delivered to Your Inbox ...
SecurityWeek

UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware

The threat actor infected victims with the Snow malware family – Snowbelt, Snowglaze, and Snowbasin – for persistent access.
eWeek

Factory Humanoid Clocks In at Siemens Plant

On the silicon side, Nvidia's tech let Humanoid slash hardware development from the usual 18–24 months to just seven months. Executives pitched the deployment as proof that factory-grade humanoids can ...