ESPHome 2026.5.0 has just been released with the beta version of the new ESPHome Device Builder web app that replaces the legacy in-tree dashboard with a real configuration editor, a firmware job ...

GGUF parser vulnerabilities disclosed May 15, 2026 include a critical integer overflow that lets any malicious model file ...

WSL has come a long way.

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...

Between May 6 and 7, it was dangerous to install JDownloader from alternative links on the site.

A new threat actor is combining social engineering techniques, abuse of legitimate cloud infrastructure, and custom malware together to create what appears to be novel attack chain. Google Threat ...

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says. A critical pre-authentication ...

A critical pre-authentication remote code execution vulnerability in Marimo, an open-source Python notebook platform owned by AI cloud company CoreWeave, was exploited in the wild less than 10 hours ...

In January 2026, Microsoft Defender Experts identified a new evolution in the ongoing ClickFix campaign. This updated tactic deliberately crashes victims’ browsers and then attempts to lure users into ...

An emerging phishing campaign is exploiting a dangerous combination of legitimate Cloudflare services and open source Python tools to deliver the commodity AsyncRAT. The attack demonstrates threat ...

Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain ...

When the Mojo language first appeared, it was promoted as being the best of two worlds, bringing the ease of use and clear syntax of Python, along with the speed and memory safety of Rust. For some ...