The Hacker News

New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

DEEP#DOOR embeds a Python RAT in a dropper script, using bore[.]pub C2 to steal credentials and evade Windows defenses, ...
Cybernews

One tiny exploit gives full Linux access: all kernels since 2017 are vulnerable

The critical "Copy Fail" bug (CVE-2026-31431) affects all Linux kernels since 2017, allowing unprivileged local users to gain ...

ClickUp Data Leak Exposes Enterprise Emails for Over a Year

A hardcoded ClickUp API key exposed hundreds of corporate and government emails for over a year, raising new SaaS security ...
IEEE

PyBugHive: A Comprehensive Database of Manually Validated, Reproducible Python Bugs

Abstract: Python is currently the number one language in the TIOBE index and has been the second most popular language on GitHub for years. But so far, there are only a few bug databases that contain ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...
XDA Developers on MSN

I keep finding vibe coded apps that leak user data, and I'm not even looking for it

Vibe coding platforms are powerful, but users often don't know what they created.

Most enterprises can't stop stage-three AI agent threats, VentureBeat survey finds

How mature is your AI agent security? VentureBeat's survey of 108 enterprises maps the gap between monitoring and isolation — ...

Endee Launches Managed Cloud for its Open-Source Vector Database with Generous Free Tier

The open-source vector database Endee.io, that is well known for its Ultra High performance with 10x lower Infra, is ...
CSO Online

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

A single unauthenticated connection gives attackers a full shell; credential theft observed in under three minutes on honeypot servers.
Sports Illustrated

Bears Would Be Using Their Imagination with One Possible DB Selection

Bears coordinator Dennis Allen likes talent and not necessarily positional expertise, and with one player they showed interest in they would get exactly that. One trouble with mock draft simulations ...
WKYC3

Former Lorain County 911 dispatcher charged after allegedly accessing law enforcement database for personal use

ELYRIA, Ohio — A former 911 dispatcher in Lorain County has been charged after authorities say he improperly accessed a law enforcement database for personal reasons while on duty. Greggory D. Byrd, ...
USA Today

The Operator Vault Publishes Free OpenClaw API Database for AI Agent Builders

The Operator Vault launches a free OpenClaw API database, giving AI agent builders a single reference for compatible APIs. Live now at theoperatorvault.io/openclaw ...