SecurityWeek

Researchers Demo New Claude Code Attack Using Harmless-Looking Repositories to Hijack Developer Machines

Attackers can inject indirect prompts in normal-looking repositories to trick Claude Code into spawning a reverse shell.
Tech Times

NVIDIA AI Infrastructure Bet Fails: Caffe Creator Quits Over Broken Pledge

NVIDIA AI infrastructure bet collapses as Caffe creator Yangqing Jia quits after a broken open-source pledge. SemiAnalysis ...
How-To Geek on MSN

These 7 Python libraries are useful even if you're not a developer

Every Python developer knows some or all of these libraries, because they’re stable, reliable, and excellent at what they do.

AlphaFold pioneer who won a Nobel Prize alongside Demis Hassabis leaves Google DeepMind for Anthropic

John Jumper, a key member of the team at Google DeepMind for nearly a decade, is decamping for Anthropic.
Business Wire

Krisp Launches Voice Translation v3, Opens Enterprise-Grade Translation to Developers

The same engine that powers live healthcare and high-stakes contact center calls is now self-serve via API, with new quality controls for enterprise. BERKELEY, Calif.--(BUSINESS WIRE)--Krisp, the ...
Ars Technica

Millions of AI agents imperiled by critical vulnerability in open source package

Millions of AI agents and tools around the world have been imperiled by a critical vulnerability that can allow hackers to breach the servers running them and make off with sensitive data and ...
theblock

Researchers flag TrapDoor malware campaign targeting crypto developer environments including Aptos, Sui and Solana

The TrapDoor malware campaign has targeted crypto developer environments tied to Aptos, Sui, and Solana through more than 34 malicious packages and over 384 related versions across npm, PyPI, and ...
The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed TrapDoor, spans more ...
IEEE

Typosquatting and Combosquatting Attacks on the Python Ecosystem

Abstract: Limited automated controls integrated into the Python Package Index (PyPI) package uploading process make PyPI an attractive target for attackers to trick developers into using malicious ...
The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens. The malware ...
GitHub

Python and C library for Source Extraction and Photometry.

Source Extractor (Bertin & Arnouts 1996) is a widely used command-line program for segmentation and analysis of astronomical images. It reads in FITS format files, performs a configurable series of ...
GitHub

Neo4j Bolt Driver for Python

This repository contains the official Neo4j driver for Python. Driver upgrades within a major version will never contain breaking API changes. For version ...