InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

Chinese APT deploys new malware to keep access to hacked networks

A Chinese espionage group tracked as UNC5221 has been accessing Microsoft 365 environments using the Brickstorm backdoor and ...

'Please do not vibe f--- up this software': Broken backups spark AI coding row in rsync project

Users probe backup failures find Claude-assisted commits. Veteran engineer retorts: 'I did not just vibe-code 'convert test ...
HotHardware

Microsoft Surface RTX Spark Dev Box Puts 1 Petaflop Of Compute On Your Desk

After rolling out its Surface Laptop Ultra earlier this week, Microsoft is following up with its Surface RTX Spark Dev Box, a sleek and compact PC that brings a bit of Xbox Series X styling to the RTX ...
InfoWorld

Pyrefly 1.0: A fast, forward-looking Python linter

Meta’s Rust-powered linter and type checker for Python pairs blazing speed with advanced and innovative features.
MUO on MSN

How OliveTin lets you run server bash scripts from a browser without SSH

OliveTin puts all my annoying server jobs behind browser buttons within easy reach.
CNX Software

Gesture HW1 is a 10-DOF ESP32-S3 robotic hand with high-dexterity manipulation (Crowdfunding)

The HW1 by Gesture Platforms is a 10-degree-of-freedom (DOF) high-dexterity robotic hand and wrist built around an ESP32-S3 wireless MCU. It’s primarily designed for researchers, educators, and ...
The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
How-To Geek on MSN

You're using Excel wrong if you're still manually cleaning data—Python does it for you in seconds

Save your clicks with a few lines of Python code.

Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering

Four supply-chain attacks hit OpenAI, Anthropic, and Meta in 50 days — none inside the model. A 7-row matrix maps what AI vendor questionnaires are missing.