New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
InfoWorld

Write cleaner and faster Python code

Check out Python’s powerful new linters and profiling tools, and learn how virtual environments can save you time and trouble ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
Meduza

Russia’s federal censor denies blocking Python’s package index as developers scramble for workarounds

On Monday, Russian users found they could no longer reach PyPI, the package repository that Python developers rely on for ...

Guns? Weapons hunters can use in Florida's python challenge

Can you use your firearm while competing in the Florida Python Challenge? Here's what to know before it begins.

OpenAI: Yoo-hoo, look over here, we do that security stuff too!

Speaking of Codex: OpenAI on Monday released a Codex Security plugin⁠ that the company says “enables out-of-the-box defensive ...
Bleeping Computer

Microsoft fixes AutoGen Studio flaw that enabled code execution

A vulnerability chain dubbed AutoJack in Microsoft’s AutoGen Studio interface for prototyping AI agents could let attackers manipulate an agent into executing arbitrary commands on its host system ...
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
Dark Reading

Miasma Supply Chain Worm Burrows Into 73 Microsoft Repositories

The attacks stemmed from a GitHub account that was also compromised in a previous Miasma attack on Microsoft last month.

Devs know AI code is riddled with holes, but ship it anyway

Research by AppSec biz Checkmarx finds that 70 percent of developers believe AI-generated code has more vulnerabilities, and ...
The Hacker News

OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack

The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic ...