The Hacker News

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

CVE-2026-5752 CVSS 9.3 flaw in Terrarium enables root code execution via Pyodide prototype traversal, risking container ...
Business Insider

A 4 a.m. scramble turned Anthropic's leak into a 'workflow revelation'

Coders have had a field day weeding through the treasures in the Claude Code leak. "It has turned into a massive sharing party," said Sigrid Jin, who created the Python edition, Claw Code. Here's how ...

New npm supply-chain attack self-spreads to steal auth tokens

A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.
Decrypt

Ocean Network Builds ‘Airbnb for Compute’ Network Using Idle GPUs

Amid the ongoing GPU shortage, Ocean Network is looking to connect the world’s idle computing power with those who need it.
Decrypt

New Tools Aim to Make AI 'Vibe Coding' Safer for Crypto

A new initiative by Matterhorn and the ASI Alliance adds auditing tools and safety checks for vibe coding smart contracts.
Indiatimes

Tesla's former VP Andrej Karpathy shares AI coding 'horror', 'Python supply chain attack' that could have wiped millions of SSL private keys, database passwords, more; and Elon ...

Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack "software horror"—and the details are genuinely alarming. A compromised version of LiteLLM ...

Mantle Unites Global AI, Tech, and Youth Communities for Its Largest AI Hackathon, Backed by Tencent Cloud, Bybit, Byreal, and Blockchain for Good Alliance

Mantle, the premier distribution layer connecting traditional finance with on-chain liquidity and real-world assets, today announced the Turing Test ...
FinanceFeeds

Crypto Programming Guide: Building Real-World Applications

A comprehensive guide to crypto programming in 2026, covering essential languages, smart contract development, DeFi applications ...
The Next Web

Someone bought 30 WordPress plugins and planted backdoors in all of them

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...
Bleeping Computer

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...