Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...
CSO Online

Unpatched ChromaDB flaw leaves servers open to remote code execution

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...
腾讯网

我让 GLM-5.1 HighSpeed 做了一个真正能用的 AI 选题雷达和微信自动Agent

我本来以为高速模型就是“回复快一点”,直到我用它做了两个完整的产品开发。是从 PRD 出发,做视觉原型、搭前后端、设计数据结构、写接口、修 bug,最后交付一个能打开、能点击、能截图的产品。整个过程不到 20 ...
The Hacker News

ThreatsDay Bulletin: Linux Rootkits, Router 0-Day, AI Intrusions, Scam Kits and 25 New Stories

A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are ...