Microsoft

The Gentlemen ransomware: Dissecting a self-propagating Go encryptor

Microsoft Threat Intelligence presents a comprehensive analysis of The Gentlemen, a Go-based ransomware deployed by ...
Martin Cid Magazine

GlassWorm hid invisible code in VS Code extensions for a year before its takedown

For more than a year, a self-propagating worm rode VS Code extensions, npm packages, and stolen developer credentials through ...
Tech Times

DNA Privacy: Open-Source Rosalind Runs Whole-Genome Analysis in 100 MB

Rosalind, a Rust-built genomics library, runs whole genome sequencing analysis in 100 MB of RAM on a laptop, with no cloud ...

Worrying open-source security issue 'BadHost' could affect millions of AI agents, experts warn

The risk is "materially understated", researchers are saying as passwords and critical data can be exfiltrated.

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to ...
Tech Times

llama.cpp GGUF Parser Flaws: Critical Integer Overflow Enables Arbitrary Reads in Every Local AI Stack

GGUF parser vulnerabilities disclosed May 15, 2026 include a critical integer overflow that lets any malicious model file trigger arbitrary memory reads — affecting Ollama, LM Studio, and every local ...
InfoWorld

Taming the generative AI back end

Writing code that interacts with LLM services requires bridging two different worlds. Use these tips and techniques to bind ...
Communications of the ACM

Faults and Pitfalls in Implementing the Right to be Forgotten

This practice had to change when the European Union introduced Right to be Forgotten (RTBF)—first in 2014, as a standalone ...
CSO Online

Unpatched ChromaDB flaw leaves servers open to remote code execution

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...

Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...