Critical Marimo pre-auth RCE flaw now under active exploitation

Published on April 12, 2026

A critical pre-authentication remote code execution (RCE) vulnerability in Marimo is now under active exploitation, leveraged for credential theft. [...]

Continue reading on website
Other news

CPUID Breach Distributes STX RAT via Trojanized CPU-Z and HWMonitor Downloads

April 12, 2026
Unknown threat actors compromised CPUID ("cpuid[.]com"), a website that hosts popular hardware monitoring tools like CPU-Z, HWMonitor, HWMonitor Pro, and PerfMonitor, for less than 24 hours to serve malicious executables for the software and deploy a remote access trojan called STX RAT.The incident lasted from approximately April 9, 15:00 UTC, to about April 10, 10:00 UTC, with

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

April 13, 2026
OpenAI revealed a GitHub Actions workflow used to sign its macOS apps, which downloaded the malicious Axios library on March 31, but noted that no user data or internal system was compromised."Out of an abundance of caution, we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps," OpenAI said in a post last week. "We found