The Hacker News

Over 1,000 Exposed ComfyUI Instances Targeted in Cryptomining Botnet Campaign

Over 1,000 exposed ComfyUI instances exploited via unauthenticated code execution, enabling Monero mining and botnet expansion.
InfoWorld

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says.

OpenAI's senior exec Srinivas Narayanan announces he is leaving; says: 'Looking forward to spending some time with my aging parents in India before…'

Srinivas Narayanan, OpenAI's CTO for B2B applications, is departing the company next week after nearly three years. He plans to visit his parents in India before considering future professional ...

ComfyUI servers: Attackers turn instances into a cryptominer proxy botnet

More than 1000 ComfyUI servers are exposed to the internet. Attackers exploit misconfigurations to add instances to a botnet.
Analytics India Magazine

New Research Finds Seven ‘Deadly’ Vulnerabilities in AI Benchmarks

A team of researchers from UC Berkeley have demonstrated that eight AI agent benchmarks can be manipulated to produce ...

Pennsylvania Uber Driver Finds Live Python in Trunk After Passengers Drop Their 'Bag Contents' During Ride

The driver found the reptile the morning after a ride from a Philadelphia reptile show. Police say the snake was safely ...

Most enterprises can't stop stage-three AI agent threats, VentureBeat survey finds

How mature is your AI agent security? VentureBeat's survey of 108 enterprises maps the gap between monitoring and isolation — ...

Movie Review: Bob Odenkirk’s sheriff is new to town in the gory thriller ‘Normal’

Usually, the mean face of these movies is the town sheriff. The best recent example: Don Johnson’s crooked lawman in 2024’s ...
SecurityWeek

Telnyx Targeted in Growing TeamPCP Supply Chain Attack

The TeamPCP hacking group has hacked the Telnyx PyPI package as part of a supply chain campaign targeting the broad OSS ecosystem.
eWeek

Anthropic's Opus 4.7 Sets a New Benchmark Bar

Claude Opus 4.7 is Anthropic's newest flagship model, boasting a jump to 64.3% on SWE-bench Pro (a brutal test of fixing real ...

Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...