The Hacker News

Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign

Over 1,000 exposed ComfyUI instances exploited via unauthenticated code execution, enabling Monero mining and botnet expansion.
InfoWorld

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says.

ComfyUI servers: Attackers turn instances into a cryptominer proxy botnet

More than 1000 ComfyUI servers are exposed to the internet. Attackers exploit misconfigurations to add instances to a botnet.

Tesla's former VP Andrej Karpathy shares AI coding 'horror', 'Python supply chain attack' that could have wiped millions of SSL private keys, database passwords, more; and Elon ...

Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack \"software horror\"—and the details are ge.
Analytics India Magazine

New Research Finds Seven ‘Deadly’ Vulnerabilities in AI Benchmarks

A team of researchers from UC Berkeley have demonstrated that eight AI agent benchmarks can be manipulated to produce ...

Pennsylvania Uber Driver Finds Live Python in Trunk After Passengers Drop Their 'Bag Contents' During Ride

The driver found the reptile the morning after a ride from a Philadelphia reptile show. Police say the snake was safely ...
eWeek

Anthropic's Opus 4.7 Sets a New Benchmark Bar

Claude Opus 4.7 is Anthropic's newest flagship model, boasting a jump to 64.3% on SWE-bench Pro (a brutal test of fixing real ...

Movie Review: Bob Odenkirk’s sheriff is new to town in the gory thriller ‘Normal’

Usually, the mean face of these movies is the town sheriff. The best recent example: Don Johnson’s crooked lawman in 2024’s ...
SecurityWeek

Telnyx Targeted in Growing TeamPCP Supply Chain Attack

The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.

Most enterprises can't stop stage-three AI agent threats, VentureBeat survey finds

How mature is your AI agent security? VentureBeat's survey of 108 enterprises maps the gap between monitoring and isolation — ...

'No more tears': Former senator Ben Sasse talks frankly about his terminal cancer diagnosis

Ben Sasse, who served Nebraska for eight years in the U.S. Senate, spoke openly this week about living — and dying — with ...