Hackaday

This Week In Security: ID Breaches, Code Smell, And Poetic Flows

Discord had a data breach back on September 20th, via an outsourced support contractor. It seems it was a Zendesk instance that was accessed for 58 hours through a compromised contractor user account.
VentureBeat

Meta’s new CWM model learns how code works, not just what it looks like

Meta’s AI research team has released a new large language model (LLM) for coding that enhances code understanding by learning not only what code looks like, but also what it does when executed. The ...
The Hacker News

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

A security weakness has been disclosed in the artificial intelligence (AI)-powered code editor Cursor that could trigger code execution when a maliciously crafted repository is opened using the ...
CSOonline

Cursor’s autorun lets hackers execute arbitrary code

Oasis Security has uncovered a flaw in the widely used AI-powered code editor Cursor that lets malicious repositories silently execute code the moment a developer opens them. According to a disclosure ...
GitHub

MCP server for Unreal Engine that uses Unreal Python Remote Execution

This server does not require installing a new UE plugin as it uses the built-in Python remote execution protocol. Adding new tools/features is much faster to develop ...
Bleeping Computer

CISA warns of actively exploited Git code execution flaw

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of hackers exploiting an arbitrary code execution flaw in the Git distributed version control system. The agency has added the ...
The Hacker News

Pre-Auth Exploit Chains Found in Commvault Could Enable Remote Code Execution Attacks

Commvault has released updates to address four security gaps that could be exploited to achieve remote code execution on susceptible instances. The list of vulnerabilities, identified in Commvault ...
TechCrunch

Microsoft brings OpenAI’s smallest open model to Windows users

Microsoft is making OpenAI’s new free and open GPT model, gpt-oss-20b, available to Windows 11 users via Windows AI Foundry, the tech giant’s platform that lets users tap AI features, APIs, and ...
Searchenginejournal.com

Why OpenAI’s Open Source Models Are A Big Deal

OpenAI has released two new open-weight language models under the permissive Apache 2.0 license. These models are designed to deliver strong real-world performance while running on consumer hardware, ...
Computerworld

OpenAI challenges rivals with Apache-licensed GPT-OSS models

OpenAI has released its first open-weight language models since GPT-2, marking a significant strategic shift as the company seeks to expand enterprise adoption through more flexible deployment options ...
GitHub

A Python debugging library for detailed code execution tracing. This library provides utilities for tracing Python code execution with detailed information about variables ...

Note: Implemented to avoid using pdb manual effort. This is not going to replace pyinstrument, py-spy, and several other performance and profiling debugging tools. This is a simple tool just to ...
Bleeping Computer

Flaw in Gemini CLI AI coding assistant allowed stealthy code execution

A vulnerability in Google's Gemini CLI allowed attackers to silently execute malicious commands and exfiltrate data from developers' computers using allowlisted programs. The flaw was discovered and ...