Critical Marimo pre-auth RCE flaw now under active exploitation

A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged ...
The Hacker News

Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure

Marimo CVE-2026-39987 exploited within 10 hours of disclosure, enabling unauthenticated RCE and credential theft, emphasizing urgent patching needs.

I vibe coded a feed reading web app. It was enlightening and uncomfortable

Back in 2019, AI attracted attention for producing quirky, weird content. By 2022, it was producing occasionally passable ...

Your developers are already running AI locally: Why on-device inference is the CISO’s new blind spot

Shadow AI 2.0 isn’t a hypothetical future, it’s a predictable consequence of fast hardware, easy distribution, and developer ...

Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

Although executed by different attackers – Axios by North Korean-linked goons, and Trivy et al. by a loosely knit band of ...
The Hacker News

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI revoked its macOS signing certificate after a malicious Axios dependency incident on March 31, 2026, preventing ...
Developer Tech

Google TorchTPU enables native PyTorch AI execution

Google has launched TorchTPU, an engineering stack enabling PyTorch workloads to run natively on TPU infrastructure for ...

MCP Code Mode: How Bifrost Cuts Token Usage by 50%

Bifrost stands out as the leading MCP gateway in 2026, pairing native Model Context Protocol support with Code Mode to cut ...
InfoWorld

Microsoft’s new Agent Governance Toolkit targets top OWASP risks for AI agents

The open-source project maps directly to OWASP’s top 10 agentic AI threats, aiming to curb issues like prompt injection, ...

Anthropic’s biggest AI leak yet: How Claude Code spill exposed secrets and sparked chaos

AI firm Anthropic accidentally leaked its Claude Code source code via an npm package, revealing unreleased features like an ...
Shortlist

NASA-inspired smartwatch lets kids code their own wearable

The Artemis Watch 2.0, made by CircuitMess, is a $129 programmable smartwatch designed less as a gadget you wear and more as something you can digitally rebuild into your own creation.
diginomica

PyTorch Foundation adds Helion and Safetensors - and the open AI stack gets a little harder to ignore

Mark Collier briefed me on two updates under embargo at KubeCon Europe 2026 last month: Helion, which opens up GPU kernel ...