The Hacker News

OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack

Codex tokens were exfiltrated via a popular npm package, affecting users since v0.1.82 and enabling persistent account access ...

Max-severity flaw in ChromaDB for AI apps allows server hijacking

A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed servers.
Communications of the ACM

Faults and Pitfalls in Implementing the Right to be Forgotten

This practice had to change when the European Union introduced Right to be Forgotten (RTBF)—first in 2014, as a standalone ...

Gemini 3.5 Flash might be fast enough for gen AI to make sense

We’ve gone through the 3.0 and 3.1 families since then, and now it’s on to version 3.5. Gemini 3.5 Flash is rolling out ...