CSO Online

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...
InfoWorld

Pyrefly 1.0: A fast, forward-looking Python linter

Meta’s Rust-powered linter and type checker for Python pairs blazing speed with advanced and innovative features.

'Please do not vibe f$%& up this software': Broken backups spark AI coding row in rsync project

Users investigating backup failures discover dozens of Claude-assisted commits, but veteran engineer retorts: 'I did not just ...
Dark Reading

Attackers Use AI to Automate EDR Evasion Testing

Python scripts were used to test malware against endpoint detection and response agents from Sophos, CrowdStrike, and Windows ...
CSO Online

Unpatched ChromaDB flaw leaves servers open to remote code execution

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...
Dark Reading

With Complex Cloud Integrations, Small Errors Lead to Major Compromises

Cybersecurity researchers create a five-step exploit chain using over-permissioned roles, secrets discovery, and NHIs to attack a popular low-code service.

Can we speed up California’s vote count already?

Alexander believes votes can — and should — be counted faster. A slow tally, she said, “undermines voter confidence,” leads ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...
Tech Times

llama.cpp GGUF Parser Flaws: Critical Integer Overflow Enables Arbitrary Reads in Every Local AI Stack

GGUF parser vulnerabilities disclosed May 15, 2026 include a critical integer overflow that lets any malicious model file ...

The Agentic Reckoning: Enterprise AI organizations have a runtime problem, not a model problem — and most are building the wrong solution

VentureBeat surveyed 132 enterprise AI leaders: the production failure point isn't the model — it's the runtime layer most ...

CAEVES: The startup that wants to make your 30-year-old files talk to Copilot

Sofia in late March was colder than anyone packed for. The 67th edition of The IT Press Tour had landed in the Bulgarian ...
Infosecurity Magazine

Chinese-Speaking Actor TA4922 Widens Its Global Reach

According to new analysis from Proofpoint, the actor, tracked as TA4922, is financially motivated and focused on gaining ...