CSO Online

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

A single unauthenticated connection gives attackers a full shell; credential theft observed in under three minutes on honeypot servers.
The Hacker News

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

PHANTOMPULSE spreads via Obsidian plugin abuse in REF6598 campaign, targeting finance and crypto users, bypassing AV controls ...
Blockonomi

Cybercriminals Weaponize Obsidian Plugins in Sophisticated Crypto Malware Campaign

Cybercriminals exploit Obsidian Plugins to deploy PHANTOMPULSE malware, targeting crypto users via LinkedIn and Telegram in ...

We tested Anthropic’s redesigned Claude Code desktop app and 'Routines' — here's what enterprises should know

For the enterprise, the Desktop GUI is likely to become the standard for management and review, while the CLI remains the ...
SecurityWeek

Claude Code, Gemini CLI, GitHub Copilot Agents Vulnerable to Prompt Injection via Comments

Anthropic’s Claude Code Security Review, Google’s Gemini CLI Action, and GitHub Copilot Agent hacked via prompt injection ...