The Hacker News

Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign

Over 1,000 exposed ComfyUI instances exploited via unauthenticated code execution, enabling Monero mining and botnet expansion.
InfoWorld

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says.

Zoho founder Sridhar Vembu to engineers on how to survive in AI era: Programming skills are the foundation, but ...

Zoho founder Sridhar Vembu advises software engineers to prioritize deep domain expertise over just programming skills to succeed in the AI era. While AI accelerates prototypes, he emphasizes that ...

ComfyUI servers: Attackers turn instances into a cryptominer proxy botnet

More than 1000 ComfyUI servers are exposed to the internet. Attackers exploit misconfigurations to add instances to a botnet.
Analytics India Magazine

New Research Finds Seven ‘Deadly’ Vulnerabilities in AI Benchmarks

A team of researchers from UC Berkeley have demonstrated that eight AI agent benchmarks can be manipulated to produce ...

Pennsylvania Uber Driver Finds Live Python in Trunk After Passengers Drop Their 'Bag Contents' During Ride

The driver found the reptile the morning after a ride from a Philadelphia reptile show. Police say the snake was safely ...
SecurityWeek

Telnyx Targeted in Growing TeamPCP Supply Chain Attack

The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.

Movie Review: Bob Odenkirk’s sheriff is new to town in the gory thriller ‘Normal’

Usually, the mean face of these movies is the town sheriff. The best recent example: Don Johnson’s crooked lawman in 2024’s ...
The Hacker News

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI revoked its macOS signing certificate after a malicious Axios dependency incident on March 31, 2026, preventing ...

Most enterprises can't stop stage-three AI agent threats, VentureBeat survey finds

How mature is your AI agent security? VentureBeat's survey of 108 enterprises maps the gap between monitoring and isolation — ...

Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...