The Hacker News

Critical Langflow Flaw CVE-2026-33017 Triggers Attacks within 20 Hours of Disclosure

Langflow CVE-2026-33017 exploited in 20 hours after disclosure, enabling RCE via exec(), exposing systems before patching cycles.

YouTube killed my comment alerts, so I vibe-coded a fix to get them back - in just 1 hour

With Gemini and a simple Python script, I rebuilt YouTube email alerts. Now I won't miss another comment. Here's how you can do the same.
SecurityWeek

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.
Analytics India Magazine

From Hangzhou to Karur, Two Coders Cracked the Same Problem

China's intense contest ecosystem meets India's grassroots coding grind in a record-setting global competition.
The Manila Times

OpenAI to buy Python toolmaker Astral to take on Anthropic

OpenAI said on Thursday it will acquire Python toolmaker Astral, as the ChatGPT owner looks to strengthen its portfolio ...
InfoWorld

OpenAI buys non-AI coding startup to help its AI to program

OpenAI on Thursday announced the acquisition of Astral, the developer of open source Python tools that include uv, Ruff and ty. It says that it plans to integrate them with Codex, its AI coding agent ...
Infosecurity Magazine

Hackers Exploit Critical Langflow Bug in Just 20 Hours

Sysdig cited figures from the Zero Day Clock initiative which revealed that median time-to-exploit (TTE) collapsed from 771 ...
InfoWorld

The ‘toggle-away’ efficiencies: Cutting AI costs inside the training loop

You don't need the newest GPUs to save money on AI; simple tweaks like "smoke tests" and fixing data bottlenecks can slash ...

Humans Win By Latest ChatGPT Changes Reducing Teaser-Phrasing So That AI Won’t Be So Annoyingly Click-Baity

Many LLMs use teaser-phrasing to get users to keep going in a conversation. OpenAI says they are reducing this in ChatGPT.

Widely used Trivy scanner compromised in ongoing supply-chain attack

Hackers have compromised virtually all versions of Aqua Security’s widely used Trivy vulnerability scanner in an ongoing ...
Infosecurity Magazine

Security Flaw in AWS Bedrock Code Interpreter Raises Alarms

A method for exfiltrating sensitive data from AI-powered code execution environments using domain name system (DNS) queries has been demonstrated by security researchers, highlighting potential risks ...

Cryptographers engage in war of words over RustSec bug reports and subsequent ban

Since February, cryptographer Nadim Kobeissi has been trying to get code fixes applied to Rust cryptography libraries to ...