Critical Marimo pre-auth RCE flaw now under active exploitation

A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged ...
The Next Web

Meta freezes AI data work after breach puts training secrets at risk

Meta has indefinitely paused work with $10B AI data startup Mercor after a LiteLLM supply chain attack exposed training ...

Two different attackers poisoned popular open source tools - and showed us the future of supply chain compromise

FEATURE Two supply chain attacks in March infected open source tools with malware and used this access to steal secrets from ...
GitHub

fast-copy — High-Speed File Copier with Deduplication & SSH Streaming

Local → Remote Files are streamed as chunked tar batches over SSH. Remote runs tar xf - to extract on the fly Remote → Local Remote runs tar cf -, local extracts with streaming extraction — files ...
The Hacker News

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
GitHub

Sofascore Public API Documentation

The Sofascore web platform is heavily driven by a robust, unified JSON API backend. Unlike ESPN, which historically separated core stats from frontend routing, Sofascore uses a clean REST-like ...