New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
CSO Online

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...
SecurityBrief Australia

CrowdStrike disrupts Glassworm botnet targeting developers

Developers using open-source tools face heightened supply-chain risk after the botnet lost all four of its command channels.
How-To Geek on MSN

How to create professional-looking plots in Python

Use Python to make your data visualizations stand out.

My new favorite Windows app made my PC safer and more reliable - and it's free

My new favorite Windows app made my PC safer and more reliable - and it's free ...

Dev Configs for Windows: From fresh install to IDE in one command

With Microsoft's new Dev Configs, a Windows installation becomes a ready-to-use developer workstation with a single command – ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...
Computer Weekly

Glassworm botnet that targeted OS devs smashed to pieces

CrowdStrike, Google and the Shadowserver Foundation worked together to take down a botnet that poisoned over 300 GitHub ...

Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that compromised LiteLLM, a widely used open-source Python ...
How-To Geek on MSN

You're using Excel wrong if you're still manually cleaning data—Python does it for you in seconds

Save your clicks with a few lines of Python code.

500 Poisoned Packages, Hundreds of Companies: TeamPCP’s Worm Just Reached GitHub

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate approximately 3,800 of GitHub's internal source code repositories — everythi ...