Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to ...
Women's Wear Daily

Is ‘The White Lotus’ Season Four Taking on Cannes’ Shoe Dress Code Controversy?

It’s time to check back in to “The White Lotus.” For Season Four, Mike White is taking audiences to the Cannes Film Festival, and he might be incorporating one of the event’s dress code controversies ...

I built an offline Grammarly alternative and turned it into a Mac app without any coding

I used Claude to build myself a fully offline, and locally processed alternative to Grammarly. The first build took me less than 30 seconds and I didn't even have to see or write a line of code.
The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
Tech Times

500 Poisoned Packages, Hundreds of Companies: TeamPCP’s Worm Just Reached GitHub

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...
CSO Online

Unpatched ChromaDB flaw leaves servers open to remote code execution

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

What AI coding benchmarks still miss about software quality

AI coding benchmarks miss long-term code quality degradation from repeated iterative changes.

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...
Tech Times

Vercel Labs’ Zero Compiler Speaks JSON to AI Agents: Closing the Human-Translation Gap in Agentic Coding Loops

Vercel Labs released Zero on May 15, 2026 — a low-level systems programming language whose compiler was built from the ground ...
Martin Cid Magazine

An AI wrote a working zero-day exploit — Google caught it first

Google's Threat Intelligence Group says a criminal hacker group used a large language model to find a previously unknown flaw ...