ChromaDB CVE-2026-45829 Allows Pre-Auth Server Takeover
HiddenLayer disclosed ChromaToast, a pre-auth RCE in ChromaDB Python FastAPI server deployments that can execute a malicious model before access checks run.
News desk
Security incidents, exploited vulnerabilities, breach reports, malware campaigns, and urgent patch notes arranged for fast daily scanning.
July 15, 2026
HiddenLayer disclosed ChromaToast, a pre-auth RCE in ChromaDB Python FastAPI server deployments that can execute a malicious model before access checks run.
A practical guide to Microsoft Defender detection names and Protection History statuses, including Remediation incomplete, Quarantine failed, Threat abandoned, false positives, and safe follow-up…
INTERPOL says Operation Ramz led to 201 arrests and the seizure of phishing and malware infrastructure across the MENA region.
SentinelOne says SHub Reaper uses fake macOS security and login prompts to move victims from a trusted-looking page into credential and data theft.
A public MiniPlasma proof-of-concept shows local privilege escalation to SYSTEM on fully patched Windows 11. The risk starts after local execution, so it matters…
Calif says researchers used Anthropic’s Mythos Preview to build a local macOS kernel exploit chain on an M5 Mac in five days. Details are…
ESET says FrostyNeighbor is using fake Ukrtelecom-themed PDF lures, Ukrainian geofencing, JavaScript PicassoLoader, and selective Cobalt Strike delivery against Ukrainian government targets.
Device code phishing uses a real Microsoft login page to authorize an attacker session. Learn 2026 lure red flags, response steps, and Microsoft 365…
Avada Builder patched two WordPress vulnerabilities that could expose server files or database data. Site owners should update to 3.15.3 and review affected access…