Here's your daily roundup of the most relevant AI and ML news for July 18, 2026. Today's digest includes 3 security-focused stories. Click through to read the full articles from our curated sources.
Security & Safety
1. Seven Malicious Vite npm Packages Use Blockchain C2 to Deliver a RAT
Cybersecurity researchers have discovered a cluster of seven malicious npm packages targeting the Vite frontend tooling ecosystem as part of a software supply chain attack.
The malicious package campaign, codenamed ViteVenom by Checkmarx, marks an expansion of ChainVeil, which was observed using...
Source: The Hacker News (Security) | 19 hours ago
2. New wp2shell WordPress Core Flaw Lets Unauthenticated Attackers Run Code
Updated July 18, 2026: the two flaws now carry CVE IDs, the full mechanism has been published, a persistent-object-cache condition has surfaced, and a working proof-of-concept is public. The story below reflects all of it.
An anonymous HTTP request can run code on a WordPress site. The bug is in...
Source: The Hacker News (Security) | 16 hours ago
3. OpenSSL HollowByte Flaw Could Freeze Server Memory with 11-Byte TLS Requests
Eleven bytes will make an unpatched OpenSSL server set aside up to 131 KB of memory for a message that never arrives. On the glibc systems Okta tested, that memory is gone until the process restarts.
OpenSSL shipped the HollowByte fix in June with no CVE, no advisory, and no changelog entry poin...
Source: The Hacker News (Security) | 17 hours ago
HuggingFace & Models
4. Fine-tune video and image models at scale with NVIDIA NeMo Automodel and 🤗 Diffusers
Source: HuggingFace Blog | 22 hours ago
Tech & Development
5. Prompt Injection Attacks Are Thwarting AI Hacking Agents
“Context bombing” tricks malicious AI agents into shutting down before they can do harm.
Source: Wired - AI | 5 hours ago
6. The Htop for LLM Inference
Article URL: https://github.com/helasaoudi/llm-inspector Comments URL: https://news.ycombinator.com/item?id=48956776 Points: 4
Comments: 1
Source: Hacker News - AI | 3 hours ago
7. Show HN: ride-recap, teaching a LLM my taste to automate cycling highlights
TL;DR: Turn hours of raw GoPro footage + a .fit file into a 60-second highlight reel with ride telemetry burned in. Every second of the ride is scanned by gemini-3.5-flash, as is the clip ranking + curation. The whole thing costs about $0.04 per ride and takes 10 minutes.Longer version: Road cycl...
Source: Hacker News - AI | 1 hours ago
8. What if restaurant menus had AI copilots?
I have a small bakery called Delis Croissants in Amol, Iran. I beleive we have the most delicious croissants in the world so we need a cool digital menu as well but I couldn't find a digital menu I liked, so I asked claude code to built my own: Rumizi. Rumizi is Persian for tablecloth, the thing ...
Source: Hacker News - AI | 2 hours ago
About This Digest
This digest is automatically curated from leading AI and tech news sources, filtered for relevance to AI security and the ML ecosystem. Stories are scored and ranked based on their relevance to model security, supply chain safety, and the broader AI landscape.
Want to see how your favorite models score on security? Check our model dashboard for trust scores on the top 500 HuggingFace models.