Max-severity flaw in ChromaDB for AI apps allows server hijacking
By Bill Toulas, May 19, 2026 06:25 PM
A max-severity vulnerability in the latest Python FastAPI version of the…
…other cloud SaaS platforms, which are then used to steal data. The FBI warns that Kali365 gives even low-skilled attackers access to advanced phishing capabilities, including AI-generated phishing lures, automated…
…In many cases, impacted users are unable to recover access due to the platform's use of automated assistance that involves only AI/chatbot loops and no human support agents. On Monday…
…This changes with a new AI-powered security feature. Apple says the built-in password app and Safari now use AI to "agentically" take action based on your behavior and secure your…
…malicious extensions advertised as AI-based coding assistants with 1.5 million installs exfiltrated data from compromised developer systems to servers in China. GitHub's cloud-based platform is now used by…
…A similar point appears in public reporting around TeamPCP and Mistral AI. In May 2026, reports claimed that TeamPCP was selling hundreds of alleged Mistral AI repositories. Mistral disputed parts of the…
…The OpenSourceMalware platform notes that 'durabletask', a repository in Microsoft's Azure organization on GitHub, was compromised in May, indicating that an incomplete cleanup allowed the threat actor to return with…
…Despite an international law enforcement operation disrupting the Tycoon2FA phishing platform in March, the malicious operation was rebuilt on new infrastructure and quickly returned to regular activity levels. Earlier this month, Abnormal…
…DINUM revealed on Monday that ANSSI detected a Tchap breach on Sunday and said that a threat actor gained access to the secure instant messaging platform using a compromised user account. The…
…According to the researchers, the malicious code on the platform “convinced users to download a fake installer,” which led to the machine getting infected with a Cobalt Strike beacon, essentially planting a…