Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...

Microsoft Self-Service Password Reset abused in Azure data theft attacks

A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate ...
InfoWorld

AntV data visualization tool the latest to be hit by ongoing npm supply chain attacks

The world’s largest open-source registry, node package manager (npm), has been hit by another fast-moving malware attack, ...

Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that ...
The Next Web

Google found the first AI-generated zero-day exploit. It stopped the attack before it started.

Google's GTIG identified the first zero-day exploit developed with AI and stopped a mass exploitation event. The report documents state actors using AI for vulnerability research and autonomous ...
BankInfoSecurity

AI-Built Zero-Day Nearly Powered Mass Attack

A cybercriminal group came close to launching a mass attack earlier this year, armed with a software exploit that an AI model ...
The Hacker News

Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation

Google identified the first malicious AI use for a zero-day 2FA bypass in an open-source admin tool, accelerating threat ...
AZoM

Structured Data Capture in Signals One for AI-Ready Analytics

Structured data capture in Revvity Signals One turns lab data into searchable, auditable records for real-time analytics and ...
Security Info WatchOpinion

Why Point-in-Time Assessments Fail and What Must Replace Them

The rise of AI services, rapid software updates and unseen third-party data flows is exposing the limits of annual vendor ...
The Hacker News

Weaver E-cology RCE Flaw CVE-2026-22679 Actively Exploited via Debug API

CVE-2026-22679 exploited via debug endpoint in Weaver E-cology before 20260312, enabling RCE and system compromise.
How-To Geek on MSN

What makes a Spotify hit? I tested over 30,000 songs in Python to find out

Digging through the data to find chart success.

Alibaba's Metis agent cuts redundant AI tool calls from 98% to 2% — and gets more accurate doing it

Alibaba's HDPO framework trains AI agents to skip unnecessary tool calls, cutting redundant invocations from 98% to 2% while boosting reasoning accuracy.