InfoWorld

First look: Mojo 1.0 mixes Python and Rust

Milestone Mojo release reveals a systems programming language with precise control over memory, strong types, GPU programming ...
InfoWorld

IBM and Red Hat want to become the ‘security clearinghouse’ for open source applications in the enterprise

The $5 billion Project Lightwell initiative combines AI systems with 20,000 engineers to deliver validated fixes directly ...
CSO Online

Unpatched ChromaDB flaw leaves servers open to remote code execution

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...
The Hacker News

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.

Coordinated operation takes down Glassworm botnet

The Glassworm botnet, a global operation targeting software developers through the open-source supply chain, was disrupted ...

BlueRock Open Sources MCP Python Hooks for Real-Time MCP Server Visibility

BlueRock today announced the open source release of BlueRock MCP Python Hooks, a lightweight runtime observability tool for Python. It captures MCP server activity by inspecting the protocol, ...

Error in Docker Model Runner allows sandbox escape on macOS

If attackers successfully exploit a security vulnerability in Docker on macOS, they can break out of the sandbox and execute ...

GitHub investigating cyberattack linked to malicious VS Code extension and leaked internal repositories

GitHub is investigating a cyberattack linked to a malicious VS Code extension after hackers allegedly accessed thousands of ...
CSO Online

GlassWorm falls, but the repo problem is far from solved

CrowdStrike, Google, and the Shadowserver Foundation dismantled the GlassWorm malware operation, but experts say the broader ...

Linus Torvalds is fed up with AI-generated bug reports bloating the Linux kernel

In his weekly state of the kernel update, Torvalds noted that the new RC5 is much larger than any other RC5 in recent memory, and he ...
The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.