techtimes

llama.cpp GGUF Parser Flaws: Critical Integer Overflow Enables Arbitrary Reads in Every Local AI Stack

A security researcher published six vulnerabilities in llama.cpp's model-file parser to the oss-security mailing list on May 15, 2026 — and none of them carry an assigned CVE number, meaning standard ...

‘TrapDoor’ malware targets crypto dev tools in supply chain attack

Developer platform Socket says a malware called TrapDoor is targeting crypto and AI developers across npm, PyPI and Crates, aiming to steal crypto wallet info and browser data.
XDA Developers on MSN

I tried a new 8B local LLM, and its design might be the biggest shift since DeepSeek R1

Zaya1-8B is a huge shift in LLMs, and the results are impressive.
CSO Online

Unpatched ChromaDB flaw leaves servers open to remote code execution

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...
Microsoft

Kazuar: Anatomy of a nation-state botnet

Kazuar, a sophisticated malware family attributed to the Russian state actor Secret Blizzard, has been under constant development for years and continues to evolve in support of espionage-focused ...
Hosted on MSN

Royce Keys drawn into Bloodline feud after SmackDown ambush

Royce Keys’ decisive win over Angel Garza on WWE SmackDown ended in a violent backstage ambush by Solo Sikoa and Talla Tonga, who also slammed Jacob Fatu through a table. The incident connects to Keys ...