Bleeping Computer

Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed servers. The flaw is tracked as ...
CSO Online

FastAPI-based AI tools exposed to authentication bypass by flaw in Starlette framework

Researchers who found the bug warn that its Moderate rating understates a threat reaching across LLM gateways, MCP servers and agent infrastructure.
CSOonline

Unpatched ChromaDB flaw leaves servers open to remote code execution

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI models before authentication is checked. Researchers have published details ...
InfoWorld

Pyrefly 1.0: A fast, forward-looking Python linter

Meta’s Rust-powered linter and type checker for Python pairs blazing speed with advanced and innovative features.

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running them and make off with sensitive data and ...

Worrying open-source security issue 'BadHost' could affect millions of AI agents

The risk is "materially understated", researchers are saying as passwords and critical data can be exfiltrated.

Vibe Coding Cheat Sheet: Tools, Prompts, Security Tips, and More

This vibe coding cheat sheet explains how plain-language prompts can build apps fast, plus the planning, testing, and ...
GitHub

Google Drive Management API built with FastAPI, OAuth2, and Google Drive API for authentication, file listing, reading, and uploading.

Google Drive Management API is a FastAPI-based backend application that integrates with Google Drive using OAuth 2.0 authentication. The project allows users to authenticate with their Google account, ...