InfoWorld

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says.
The Hacker News

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI revoked its macOS signing certificate after a malicious Axios dependency incident on March 31, 2026, preventing ...
eWeek

Microsoft Copilot Cheat Sheet: A Complete Guide to Microsoft’s AI

Learn what Microsoft Copilot is, how it works, pricing, features, and whether it’s worth it in 2026 across Windows, Edge, and ...

Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...

Anthropic’s biggest AI leak yet: How Claude Code spill exposed secrets and sparked chaos

AI firm Anthropic accidentally leaked its Claude Code source code via an npm package, revealing unreleased features like an ...
InfoWorld

GitHub adds Stacked PRs to speed complex code reviews

Breaking up is hard to do when it comes to large pull requests, so GitHub is stacking things in favor of development teams ...

Critical Marimo pre-auth RCE flaw now under active exploitation

A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged ...

OpenAI rotates macOS certs after Axios attack hit code-signing workflow

OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious ...
The Hacker News

N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

Over 1,700 malicious packages since Jan 2025 fuel cross-ecosystem supply chain attacks, enabling espionage and financial ...