InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
CSO Online

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...
How-To Geek on MSN

Claude's no-code canvas replaces hours of Python debugging in minutes

I ditched my terminal for Claude's built-in code executor, and I'm not going back.
Dark Reading

'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...

Open-source FLIM Playground could speed reproducible analysis of complex cell images

Modern fluorescence microscopy can generate images of living cells as stunning to look at as they are informative to study. For techniques like fluorescence lifetime imaging microscopy (FLIM), those ...

Exclusive: MotherDuck adds agentic data ingestion to its cloud analytics service

MotherDuck Corp., the maker of a cloud-native data warehouse based on the open-source DuckDB analytical engine, is betting ...

New 7-Zip security flaw could put hundreds of millions of systems at risk

A recently disclosed security flaw could turn 7-Zip into a powerful tool for cybercriminals seeking to spread malware online and compromise large numbers of PCs. The ...

I've tested so many desktop AI tools, but Hermes with Ollama is my new favorite - here's why

I've tested so many desktop AI tools, but Hermes with Ollama is my new favorite - here's why ...

Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that compromised LiteLLM, a widely used open-source Python ...