The Hacker News

UNC6692 Impersonates IT Helpdesk via Microsoft Teams to Deploy SNOW Malware

UNC6692 has been attributed to a large email campaign that's designed to overwhelm a target's inbox with a flood of spam ...

Another npm supply chain worm is tearing through dev environments

Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as ...
CSO Online

Azure SRE Agent flaw lets outsiders silently eavesdrop on enterprise cloud operations

A multi-tenant authentication gap in Microsoft’s AI operations agent exposed live command streams, internal reasoning, and ...

Update Now: Serious GitLab Security Bugs Could Lead to System Takeovers

The government has issued a warning about serious security flaws in GitLab, cautioning organizations about potential risks to ...
TMCnet

Bybit AI Expands to Infrastructure Layer with Official MCP Release for Multi-Agent Trading

As artificial intelligence becomes central to modern trading workflows, traditional exchange infrastructure optimized for ...
SecurityWeek

Mirax RAT Targeting Android Users in Europe

Mirax RAT, a sophisticated MaaS mainly used by Russian-speaking threat actors, is targeting Android users in Europe.

Attackers are targeting the Python notebook Marimo

Marimo is an integrated development environment for Python that combines code, results, visualizations, and documentation.

Critical Marimo pre-auth RCE flaw now under active exploitation

A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged ...
The Hacker News

Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

Marimo CVE-2026-39987 exploited within 10 hours of disclosure, enabling unauthenticated RCE and credential theft, emphasizing urgent patching needs.
SecurityWeek

Critical Marimo Flaw Exploited Hours After Public Disclosure

A threat actor started exploiting CVE-2026-39987, an unauthenticated RCE vulnerability in Marimo, nine hours after public ...

Here are the OpenClaw security risks you should know about

OpenClaw can browse the web, run shell commands, and send emails on your behalf, but it comes with documented security risks that every user should understand before deploying it.