200,000 MCP servers expose a command execution flaw that Anthropic calls a feature

OX Security confirmed arbitrary command execution on six live platforms and estimates 200,000 MCP servers are exposed. Here's ...
Hackaday

This Week In Security: State Malware, State Hardware Bans, And Stuxnet Before Stuxnet Was Cool

Making headlines everywhere is the CopyFail Linux kernel vulnerability, which allows local privilege escalation (LPE) from any user to root privileges on most kernels and distributions. Local ...

One tool call to rule them all? New open source Python tool RunPod Flash eliminates containers for faster AI dev

With Flash GA, the company is attempting to transition from being a provider of raw compute to becoming the essential ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
How-To Geek on MSN

The tiny open-source apps that somehow became essential (and you've probably never heard of them)

Stop using bloated tools—these 5 tiny open-source apps quietly solve problems nobody else bothers to fix and do more with ...

Panzura opens its global filesystem to Microsoft Copilot users

Panzura LLC, maker of a global cloud file system, today announced the general availability of Nexus, a new platform designed ...
MUO on MSN

3 apps I self-host that genuinely made my life better

My homelab actually pays off now.

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...
eWeek

Factory Humanoid Clocks In at Siemens Plant

On the silicon side, Nvidia's tech let Humanoid slash hardware development from the usual 18–24 months to just seven months. Executives pitched the deployment as proof that factory-grade humanoids can ...
The Hacker News

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

CVE-2026-5760 (CVSS 9.8) exposes SGLang via /v1/rerank endpoint, enabling RCE through malicious GGUF models, risking server ...
New York Post

Foreign hacker compromised FBI’s cache of Epstein files at NY field office in 2023

A foreign hacker unknowingly compromised a cache of the FBI’s documents on Jeffrey Epstein three years ago and was so disgusted by what they saw in the files that they threatened to report them to the ...