Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.

Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware ...

Over 1,000 exposed ComfyUI instances exploited via unauthenticated code execution, enabling Monero mining and botnet expansion.

Is it time to go green?

A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged ...

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says.

A multi-tenant authentication gap in Microsoft’s AI operations agent exposed live command streams, internal reasoning, and ...

Google launches AI agent suite at Cloud Next 2026 with Workspace Studio, A2A protocol at 150 orgs, and Project Mariner. The pitch: only Google owns the full stack.

Discover how a hacker exploited Claude and ChatGPT to breach government agencies. Learn about the AI-driven tactics used to ...

Cybersecurity researchers have uncovered a Belarus-based software platform which is helping SIM farm operators support cybercrime on an “industrial scale.” In a new report published yesterday on April ...

Economist Scott Cunningham showed the Fed how AI agents can replicate studies for $11—and why the same tools could erode the ...