Marimo RCE Flaw CVE-2026-39987 Exploited Within 10 Hours of Disclosure
A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10…
April 2026
Bitcoin Depot hack leads to $3.6M Bitcoin theft via stolen credentials
Hackers breached Bitcoin Depot, stole credentials, and took about 50 BTC worth $3.6M from its wallets after a March 23…
Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers
Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to…
EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallet Installs
Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit (SDK) called EngageLab…
Orion helium leak no threat to Artemis II reentry, but will require redesign
Apart from pesky issues with the spacecraft’s toilet and waste disposal system, most of the Artemis II mission has proceeded…
RFK Jr. rewrites CDC panel’s charter, opening door to anti-vaccine quacks
As expected, anti-vaccine Health Secretary Robert F. Kennedy Jr. has significantly rewritten the charter for a federal vaccine advisory panel.…
ChatGPT has a new $100 per month Pro subscription
OpenAI has announced a new version of its ChatGPT Pro subscription that costs $100 per month. The new Pro tier…
AI on the couch: Anthropic gives Claude 20 hours of psychiatry
The AI company Anthropic released a 244-page “system card” (PDF) this week describing its newest model, Claude Mythos. The model…
Ozempic Shreds Bones? How a Small Study Turned Into a Big Health Myth
Contrary to recent social media posts, GLP-1 drugs are not shredding away people’s bones.
React2DoS (CVE-2026-23869): When the Flight Protocol Crashes at Takeoff
Executive Summary In this article, we disclose a new high severity unauthenticated remote denial‑of‑service vulnerability we identified and reported in…