The Hacker News

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers, deploying RATs and ...
The Hacker News

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.
The New York Times

YouTube TV to launch a new sports package next year

YouTube TV is attempting to make watching sports easier and cheaper. Chris McGrath / Getty Images YouTube TV will launch 10 genre-specific packages, including a YouTube TV Sports Plan in early 2026, ...
TheServerSide

Create your first Python AWS Lambda function in minutes

Community driven content discussing all aspects of software development from DevOps to design patterns. Ready to develop your first AWS Lambda function in Python? It really couldn’t be easier. The AWS ...
Ars Technica

Software packages with more than 2 billion weekly downloads hit in supply-chain attack

Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to be the world’s biggest supply-chain attack ever. “Sorry everyone, I should ...
International Monetary Fund

A Python Package to Assist Macroframework Forecasting: Concepts and Examples

In forecasting economic time series, statistical models often need to be complemented with a process to impose various constraints in a smooth manner. Systematically imposing constraints and retaining ...
InfoWorld

PyApp: An easy way to package Python apps as executables

Written in Rust, the PyApp utility wraps up Python programs into self-contained click-to-run executables. It might be the easiest Python packager yet. Every developer knows how hard it is to ...
bitnewsbot

Malicious PyPI Packages Uncovered: Supply Chain Risk for Python

Cybersecurity researchers have found harmful software in the official Python Package Index (PyPI) and npm package repositories, putting software supply chains at risk. The packages, called termncolor ...
CSOonline

Malicious PyPI package targets Chimera users to steal AWS tokens, CI/CD secrets

“Chimera-sandbox-extensions” exploit highlights rising risks of open-source package abuse, prompting calls for stricter dependency controls and DGA malware detection. A malicious Python package posing ...
CSOonline

Poisoned models in fake Alibaba SDKs show challenges of securing AI supply chains

Fake Alibaba Labs AI SDKs hosted on PyPI included PyTorch models with infostealer code inside. With support for detecting malicious code inside ML models lacking, expect the technique to spread.
Bleeping Computer

AI-hallucinated code dependencies become new supply chain risk

A new class of supply chain attacks named 'slopsquatting' has emerged from the increased use of generative AI tools for coding and the model's tendency to "hallucinate" non-existent package names. The ...