CSO Online

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

A single unauthenticated connection gives attackers a full shell; credential theft observed in under three minutes on honeypot servers.

The silent “Storm”: New infostealer hijacks sessions, decrypts server-side

New "Storm" infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA.

OpenAI rotates macOS certs after Axios attack hit code-signing workflow

OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious ...
InfoQ

Anthropic Releases Claude Mythos Preview with Cybersecurity Capabilities but Withholds Public Access

Anthropic has introduced Claude Mythos Preview, its most advanced AI model, improving significantly in reasoning, coding, and ...