The Hacker News

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

CVE-2026-5752 CVSS 9.3 flaw in Terrarium enables root code execution via Pyodide prototype traversal, risking container ...
XDA Developers on MSN

5 open-source developer tools that are better than their well-funded competitors

Better than billion-dollar software.

Another npm supply chain worm is tearing through dev environments

Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as ...
The Hacker News

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI revoked its macOS signing certificate after a malicious Axios dependency incident on March 31, 2026, preventing ...
diginomica

Cloudsmith warns - most teams won't meet the EU Cyber Resilience Act's software supply chain deadline

Most organizations can see their software security risks. Far fewer can act on them fast enough to matter – and with the EU ...
XDA Developers on MSN

I’d do these 5 things differently if I started self-hosting LLMs today

From trial-and-error to a cleaner local AI workflow.

Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...
Cybernews

Checkmarx hit again, popular tools spreading credential-stealing malware

Checkmarx suffers a second supply chain attack in a month, resulting in hackers injecting credential-stealing malware into ...
Newsworthy.ai

An AI Escaped Its Sandbox, Emailed a Researcher, Then Self-Published Its Own Exploit Online!

VectorCertain LLC today announced new validation results demonstrating that its SecureAgent platform successfully detected ...
decrypt

What Is Hermes? The Self-Improving AI Agent Coming for OpenClaw

Add Decrypt as your preferred source to see more of our stories on Google. Hermes Agent saves every workflow it learns as a reusable skill, compounding its capabilities over time—no other agent does ...
Techzine Europe

OpenSearch is enterprise-ready with long-term support and version 3.6

OpenSearch is getting an LTS program with 18 months of support, SBOM compliance, and vendor accreditation. OpenSearch 3.6 is ...
CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...