SecurityWeek

Critical Marimo Flaw Exploited Hours After Public Disclosure

A threat actor started exploiting CVE-2026-39987, an unauthenticated RCE vulnerability in Marimo, nine hours after public ...
The Hacker News

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

PM This week in cybersecurity: botnets, RCE flaws, AI-driven attacks, stealers, and more. Fast, no-fluff roundup.

What leaked “SteamGPT” files could mean for the PC gaming platform’s use of AI

These days, it seems like every tech company and their corporate parent is looking to squeeze AI tools and features into ...

Data Doctors: Is Google using my email messages to train AI?

A viral story claims Gmail automatically opted all users into a program that lets Google train its AI on your private emails ...
Decrypt

New Tools Aim to Make AI 'Vibe Coding' Safer for Crypto

A new initiative by Matterhorn and the ASI Alliance adds auditing tools and safety checks for vibe coding smart contracts.

When attackers already have the keys, MFA is just another door to open

Stolen credentials turn authentication systems into the attack surface. Token shows how wearable biometric authentication ...