Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...
Microsoft

When prompts become shells: RCE vulnerabilities in AI agent frameworks

New research exposes how prompt injection in AI agent frameworks can lead to remote code execution. Learn how these ...

Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise

Popular JavaScript modules including size-sensor and echarts-for-react hit as hijacked account closed GitHub warnings ...
Circuit Digest

Building a Voice-Controlled Drone with LiteWing using Python

The laptop connects directly to the drone through its Wi-Fi access point (AP), enabling wireless communication between the ...

OpenAI Codex is coming to mobile so you can build apps on the go

OpenAI just turned ChatGPT into a mobile hub for Codex, letting developers manage AI coding tasks right from their phones.
Nature

How to vibe code in science: early adopters share their tips

He was brainstorming ideas with an artificial-intelligence tool and getting it to code and create them quickly. Together, ...
InfoWorld

AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...

Hadrian Releases OpenHack, Democratizing AI Vulnerability Discovery

Hadrian today released OpenHack, a tool for AI-powered source code review that delivers high-quality results at a fraction of the cost of a human reviewer. Released under the MIT License, OpenHack ...
Tech Times

Vercel Labs’ Zero Compiler Speaks JSON to AI Agents: Closing the Human-Translation Gap in Agentic Coding Loops

Vercel Labs released Zero on May 15, 2026 — a low-level systems programming language whose compiler was built from the ground ...

Microsoft Self-Service Password Reset abused in Azure data theft attacks

A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...