Hackaday

This Week In Security: Flatpak Fixes, Android Malware, And SCADA Was IOT Before IOT Was Cool

Rowhammer attacks have been around since 2014, and mitigations are in place in most modern systems, but the team at gddr6.fail has found ways to apply the attack to current-generation GPUs.
SecurityWeek

Critical Marimo Flaw Exploited Hours After Public Disclosure

A threat actor started exploiting CVE-2026-39987, an unauthenticated RCE vulnerability in Marimo, nine hours after public disclosure.
Security Boulevard

This fake Windows support website delivers password-stealing malware

A convincing Microsoft lookalike tricks users into downloading malware that steals passwords, payments, and account access.
Developer Tech

Google TorchTPU enables native PyTorch AI execution

Google has launched TorchTPU, an engineering stack enabling PyTorch workloads to run natively on TPU infrastructure for ...
The Hacker News

N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

Over 1,700 malicious packages since Jan 2025 fuel cross-ecosystem supply chain attacks, enabling espionage and financial ...
Arabian Post

PyPI proxy trap siphons AI prompts

A Python package presented as a privacy-first shortcut to AI models has been unmasked as a supply-chain threat that quietly captures user prompts, leans on a private university service without ...
The Next Web

Meta freezes AI data work after breach puts training secrets at risk

Meta has indefinitely paused work with $10B AI data startup Mercor after a LiteLLM supply chain attack exposed training ...
XDA Developers on MSN

I used to hate complex spreadsheet formulas and then I found Python in Excel

Excel is my database, Python is my brain.
Dark Reading

Claude Source Code Leak Highlights Big Supply Chain Missteps

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.