The Hacker News

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

CVE-2026-5760 (CVSS 9.8) exposes SGLang via /v1/rerank endpoint, enabling RCE through malicious GGUF models, risking server ...
The Hacker News

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

The cybersecurity company said the systemic vulnerability is baked into Anthropic's official MCP software development kit ...
XDA Developers on MSN

I used Claude to learn about Python and I should have sooner

Better way to master Python.

Tesla's former VP Andrej Karpathy shares AI coding 'horror', 'Python supply chain attack' that could have wiped millions of SSL private keys, database passwords, more; and Elon ...

Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack \"software horror\"—and the details are ge.
eWeek

Apple, Google Face Scrutiny as ‘Nudify’ Apps Hit 483M Downloads

TTP says Apple and Google app stores surfaced ‘nudify’ apps tied to 483 million downloads through search results, ads, and ...
InfoWorld

Tap into the AI APIs of Google Chrome and Microsoft Edge

The Chrome and Edge browsers have built-in APIs for language detection, translation, summarization, and more, using locally ...
Infosecurity Magazine

Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads

However, in a report published on April 15, researchers at Ox Security claimed that a flaw in the protocol could enable ...
diginomica

PyTorch Foundation adds Helion and Safetensors - and the open AI stack gets a little harder to ignore

Mark Collier briefed me on two updates under embargo at KubeCon Europe 2026 last month: Helion, which opens up GPU kernel ...

Anthropic won't own MCP 'design flaw' putting 200K servers at risk, researchers say

A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into ...
eWeek

OpenAI’s Stargate Pause Puts 5,000 UK Jobs, AI Growth Plans at Risk

OpenAI pauses its Stargate UK data centre plans, citing energy costs and regulatory uncertainty, dealing a blow to the UK’s ...
CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...

Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...