CSO Online

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

A single unauthenticated connection gives attackers a full shell; credential theft observed in under three minutes on honeypot servers.
Indiatimes

Tesla's former VP Andrej Karpathy shares AI coding 'horror', 'Python supply chain attack' that could have wiped millions of SSL private keys, database passwords, more; and Elon ...

Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack "software horror"—and the details are genuinely alarming. A compromised version of LiteLLM ...