CSO Online

Unpatched ChromaDB flaw leaves servers open to remote code execution

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

BlueRock Open Sources MCP Python Hooks for Real-Time MCP Server Visibility

BlueRock today announced the open source release of BlueRock MCP Python Hooks, a lightweight runtime observability tool for Python. It captures MCP server activity by inspecting the protocol, ...

News Roundup: May 12, 2026 — Secure Code Warrior, NetSPI, Claude/AWS, Sembi

Agile software development has been around since the 1990s, but didn’t get the name until the famous meeting of 17 renowned ...

Mini Shai-Hulud worm injects disk wiper into Microsoft Azure PyPI package

Supply chain attacks with a Dune sci-fi saga branding continue to spread across the open-source ecosystem, with a Microsoft ...
Scientific American

NASA’s Apollo moon missions relied on this computer scientist and differential equations

It’s July 20, 1969. Neil Armstrong and Buzz Aldrin are about to land on the moon. They will be the first humans to set foot ...
The Hacker News

Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation

Google identified the first malicious AI use for a zero-day 2FA bypass in an open-source admin tool, accelerating threat ...

Running Claude Code or Claude in Chrome? Here's the audit matrix for every blind spot your security stack misses

Four research teams found the same confused deputy failure in Claude across three surfaces in 48 hours. This audit matrix ...
Outlook Business

A Million Projects: The Proof Behind Ulipsu’s Skill Education Model

Ulipsu’s embedded skill education model has enabled over a million student projects across 350+ schools in India and abroad.
Microsoft

From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence

A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...

Your TV's RS-232 port is a powerful automation tool - how to unlock it (and what it can do)

Your TV's RS-232 port is a powerful automation tool - how to unlock it (and what it can do) ...

"Copy Fail": Linux root in all major distributions with 732 bytes of Python

The discoverers have named the root vulnerability "Copy Fail". All major distributions since 2017 are affected.