InfoWorld

Critical flaw in Marimo Python notebook exploited within 10 hours of disclosure

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says.
The Hacker News

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
GitHub

SubprocessCLITransport.close() hangs indefinitely if subprocess shutdown handler blocks

SubprocessCLITransport.close() in the Python claude-agent-sdk sends SIGTERM to the Claude Code subprocess, then calls await self._process.wait() with no timeout. If the Claude Code Node.js process ...
GitHub

test_mcp_client.py

MCP Client for testing dap-mcp debugging tools. Uses JSON-RPC 2.0 over stdio to communicate with dap-mcp server. Based on Model Context Protocol specification.