InfoWorld

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says.

Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...
Security Boulevard

Stateless Hash-Based Signatures for AI Model Weight Integrity

You gotta build a "digital twin" of the mess you're actually going to deploy into, especially with stuff like mcp (model context protocol) where ai agents are talking to data sources in real-time.

Critical Marimo pre-auth RCE flaw now under active exploitation

A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged ...
The Hacker News

N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

Over 1,700 malicious packages since Jan 2025 fuel cross-ecosystem supply chain attacks, enabling espionage and financial ...
Louder

"There are a lot of people who don't seem interested or even notice that the world's on fire." Puscifer's Maynard James Keenan and Carina Round discuss soundtracking …

Every time Keenan picks up his phone, he’s reminded of the resounding grimness of modern times, constantly reminded of our ...