The tiny editor has some big features.

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says.

Chinese robotics star Unitree opened preorders for its sport-ready R1 humanoid on Alibaba's AliExpress this week, hitting regions such as North America, Europe, Japan, and Singapore ahead of a June 30 ...

A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged ...

Better way to master Python.

Marimo CVE-2026-39987 exploited within 10 hours of disclosure, enabling unauthenticated RCE and credential theft, emphasizing urgent patching needs.

The PyTorch Foundation also welcomed Safetensors as a PyTorch Foundation-hosted project. Developed and maintained by Hugging ...

Mark Collier briefed me on two updates under embargo at KubeCon Europe 2026 last month: Helion, which opens up GPU kernel ...

Meta has indefinitely paused work with $10B AI data startup Mercor after a LiteLLM supply chain attack exposed training ...

Or, why the software supply chain should be treated as critical infrastructure with guardrails built in at every layer.

The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.

Several of this week’s top stories touch on the pitfalls of open source development, especially when things like power, money, and ego are involved. Also, a look at Python’s nifty new sampling ...