Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

CVE-2026-5760 (CVSS 9.8) exposes SGLang via /v1/rerank endpoint, enabling RCE through malicious GGUF models, risking server ...

The tiny editor has some big features.

The new kit aims to address risks related to poisoned models, regulatory issues, supply chain integrity, and incident ...

A threat group tracked as UNC6692 uses social engineering to deploy a new, custom malware suite named 'Snow' which includes a ...

AI chatbots make it possible for people who can’t code to build apps, sites and tools. But it’s decidedly problematic.

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who have found exploitable instances in many commercial services and open-source ...

Learn essential IT skills for jobs in 2026, including Python, SQL, cloud computing, cybersecurity, and beginner tech skills ...

OX Security confirmed arbitrary command execution on six live platforms and estimates 200,000 MCP servers are exposed. Here's ...

If OpenAI can accidentally train its flagship model to obsess over goblins, what other more subtle and potentially harmful ...

The critical "Copy Fail" bug (CVE-2026-31431) affects all Linux kernels since 2017, allowing unprivileged local users to gain ...