Bleeping Computer

Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed servers. The flaw is tracked as ...
CSO Online

FastAPI-based AI tools exposed to authentication bypass by flaw in Starlette framework

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers and agent infrastructure.
CSOonline

Unpatched ChromaDB flaw leaves servers open to remote code execution

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI models before authentication is checked. Researchers have published details ...

Zifo Unifies Disconnected Lab Systems with AI-Enabled Data Orchestration

CAMBRIDGE, Mass. and CAMBRIDGE, England, May 28, 2026 /PRNewswire/ -- Zifo, the leading global enabler of AI and data-driven enterprise informatics for science-driven organizations, has developed ...
Arabian Post

BadHost flaw puts AI servers at risk

A newly disclosed flaw in Starlette has put Python-based AI services under pressure to patch systems that may expose protected endpoints through manipulated HTTP Host headers. The vulnerability, ...
InfoWorld

Pyrefly 1.0: A fast, forward-looking Python linter

Meta’s Rust-powered linter and type checker for Python pairs blazing speed with advanced and innovative features.

Worrying open-source security issue 'BadHost' could affect millions of AI agents

The risk is "materially understated", researchers are saying as passwords and critical data can be exfiltrated.

Vibe Coding Cheat Sheet: Tools, Prompts, Security Tips, and More

This vibe coding cheat sheet explains how plain-language prompts can build apps fast, plus the planning, testing, and ...