Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers ...
A security researcher published six vulnerabilities in llama.cpp's model-file parser to the oss-security mailing list on May 15, 2026 — and none of them carry an assigned CVE number, meaning standard ...
Open source robotics AI platform LeRobot surpassed 58,000 community datasets in 2026 — 50x growth in under a year — making it the largest dataset category on Hugging Face and signaling a ...
The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...
The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.
The zero-day-to-n-day collapse is no longer theoretical, as demonstrated by CVE-2026-39987 in Marimo, which saw initial exploitation occur just nine hours and 41 minutes after disclosure without a ...
A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to ...
Frankly, the state of the Skills ecosystem today looks a lot like the npm ecosystem three years ago: there is something for everything, but most of it you don't need, and only a handful will genuinely change your workflow. The yardstick is not the star count; it is whether a skill teaches Claude your unique working context. Once you think that logic through, the 1400+ figure stops being a source of anxiety. Three months ago ...
Microsoft flagged a Mistral AI hack as a supply-chain attack that hid malware in a fake AI library on PyPI. Here's what ...
OpenAI says malware tied to the Shai-Hulud supply chain attack accessed internal repositories after infecting two employee ...
Attackers compromised the official Mistral AI Python package on PyPI along with hundreds of other widely-used developer ...