CSO Online

Unpatched ChromaDB flaw leaves servers open to remote code execution

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...
InfoWorld

First look: Mojo 1.0 mixes Python and Rust

Milestone Mojo release reveals a systems programming language with precise control over memory, strong types, GPU programming ...

Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

One tool call to rule them all? New open source Python tool Runpod Flash eliminates containers for faster AI dev

With Flash GA, the company is attempting to transition from being a provider of raw compute to becoming the essential orchestration layer for the AI-first cloud.

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to ...
InfoWorld

An open-source toolkit for controlling out-of-control AI agents

Microsoft’s Agent Governance Toolkit brings runtime policy enforcement to autonomous agents, based on the OWASP top 10 agent ...
Developer Tech

Event-driven automation in job schedulers: What developers should know

Traditional job scheduling relied heavily on time-based execution, with cron jobs and hourly synchronisation being common in ...
SecurityWeek

Over 320 NPM Packages Hit by Fresh Mini Shai-Hulud Supply Chain Attack

A fresh Mini Shai-Hulud supply chain attack has hit over 320 NPM packages, along with GitHub Actions and a VS Code extension.
The Hacker News

GlassWorm Malware Takedown Disrupts Developer Supply Chain Attack Infrastructure

GlassWorm poisoned 300 GitHub repositories since 2025, enabling supply chain attacks against developers and organizations.
Las Vegas Sun

CoreWeave Sandboxes Launches to Accelerate Reinforcement Learning, Agent Tool Use, and Model Evaluation

The Essential Cloud for AI™, today announced CoreWeave Sandboxes, an execution layer that gives AI researchers and platform teams secure, isolated environments for running reinforcement learning (RL), ...