New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
The Hacker News

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS

Six Proto6 flaws in protobuf.js enable RCE and DoS attacks; patched in versions 7.5.6 and 8.0.2 to protect Node.js services.
InfoWorld

Protocol Buffers schemas expose remote code execution risk

Researchers at Cyera found six vulnerabilities in prtobuf.js, including a flaw that can turn attacker-controlled schema data ...
Mashable

Google is banning Javascript attachments from Gmail

The biggest stories of the day delivered to your inbox.

Cohere open-sources a coding agent that runs on a single H100

Cohere's North Mini Code ranks 8th of 127 open-weight models on output speed — but generates 3x the output tokens of ...
Decrypt

Moonshot AI's Kimi Work Brings 300 AI Agents to Your Desktop

Kimi Work lets an AI agent loose on your local files, your browser, and your schedule—without routing everything through the ...
MSN on MSN

CISA ordered agencies to patch the actively exploited MongoBleed flaw before attackers spread

Federal agencies that rely on MongoDB now face a hard deadline to fix a vulnerability that lets unauthenticated attackers read sensitive data straight from server memory. The Cybersecurity and ...