Max-severity flaw in ChromaDB for AI apps allows server hijacking

Published on May 19, 2026

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed servers. [...]

Continue reading on website
Other news

Cybercrime service disrupted for abusing Microsoft platform to sign malware

May 19, 2026
Microsoft says it has disrupted a malware-signing-as-a-service (MSaaS) operation that abused the company's Artifact Signing service to generate fraudulent code-signing certificates used by ransomware gangs and other cybercriminals. [...]

GitHub Investigating TeamPCP Claimed Breach of ~4,000 Internal Repositories

May 20, 2026
GitHub on Tuesday said it's investigating unauthorized access to its internal repositories after the notorious threat actor known as TeamPCP listed the platform's source code and internal organizations for sale on a cybercrime forum."While we currently have no evidence of impact to customer information stored outside of GitHub's internal repositories (such as our customers' enterprises,