Hackers are exploiting a critical vulnerability in Marimo reactive Python notebook to deploy a new variant of NKAbuse malware ...

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...

Google is rolling out Skills to the Gemini sidebar in Chrome, letting you save any prompt—as simple as "summarize this tab" ...

Although executed by different attackers – Axios by North Korean-linked goons, and Trivy et al. by a loosely knit band of ...

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says.

Alpaca rolled out version 2 of its MCP Server, marking overhaul of platform that connects artificial intelligence assistants ...

Despite tariffs and parts shortages, the server market reached a record $125.3 billion dollars in revenue during the fourth quarter of 2025, driven by the accelerated investment in AI Infrastructure, ...

The maintainer account for the axios package on npm was compromised to inject a remote access trojan for Windows, macOS, and Linux.

PM This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.

Truelist releases 20+ free, open-source SDKs and framework integrations for email validation — Node, Python, React, ...