Critical Marimo pre-auth RCE flaw now under active exploitation

A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged ...

If this project succeeds, your Time Capsule may not be killed off in macOS 27

A new GitHub project is trying to retrofit Apple's discontinued Time Capsule with modern SMB support. If this works, Time Machine backups to and restores from the hardware will still work, even after ...
The Next Web

Meta freezes AI data work after breach puts training secrets at risk

Meta has indefinitely paused work with $10B AI data startup Mercor after a LiteLLM supply chain attack exposed training ...

Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

Although executed by different attackers – Axios by North Korean-linked goons, and Trivy et al. by a loosely knit band of ...
The Hacker News

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
CSO Online

Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack

With almost 175,000 npm projects listing the library as a dependency, the attack had a huge cascade effect and shows how quickly a compromised package can propagate through the ecosystem.
GitHub

Free SSH, VNC, RDP & SFTP client for Android

Terminal — VT100/xterm emulator with multi-tab sessions, Mosh (Mobile Shell) for roaming connections and Eternal Terminal (ET) for persistent sessions — both with pure Kotlin protocol implementations ...
GitHub

HYPER12755/Haven-ssh-client

Terminal — VT100/xterm emulator with multi-tab sessions, Mosh (Mobile Shell) for roaming connections and Eternal Terminal (ET) for persistent sessions — both with pure Kotlin protocol implementations ...