Hackaday

This Week In Security: The Supply Chain Has Problems

The biggest story of the week is a new massive supply chain breach, which appears to be unrelated to the previous massive supply chain breaches, this time of the Axios HTTP project. Axios was ...
Microsoft

Mitigating the Axios npm supply chain compromise

On March 31, 2026, the popular HTTP client Axios experienced a supply chain attack, causing two newly published npm packages ...
The Hacker News

North Korean Hackers Abuse VS Code Auto-Run Tasks to Deploy StoatWaffle Malware

North Korean hackers exploit VS Code tasks.json auto-run since Dec 2025 to deploy StoatWaffle malware, stealing data and ...
GitHub

involvex/vscode-npm-package-manager

Auto-detect Node.js projects with package.json in the workspace Support for multi-root workspaces with independent package management Configurable project-specific settings (registry, install flags, ...
The Hacker News

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain ...
Bleeping Computer

PyPI urges users to reset credentials after new phishing attacks

The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. Accessible at pypi.org, PyPI is the default ...
GitHub

Unable or resolve indirect imports

This has to be a bug, because it was working just fine a few days ago. As you can see from the video, the suggestions for imports includes select, but afterwards, everything else acts dumb and refuses ...
Infosecurity-magazine.com

Open Source Community Thwarts Massive npm Supply Chain Attack

A potential npm supply chain disaster was averted in record time after attackers took over a verified developer’s credentials. On September 8, Josh Junon, a developer with over 1800 GitHub ...
marktechpost

JSON Prompting for LLMs: A Practical Guide with Python Coding Examples

JSON Prompting is a technique for structuring instructions to AI models using the JavaScript Object Notation (JSON) format, making prompts clear, explicit, and machine-readable. Unlike traditional ...
InfoWorld

PyApp: An easy way to package Python apps as executables

Written in Rust, the PyApp utility wraps up Python programs into self-contained click-to-run executables. It might be the easiest Python packager yet. Every developer knows how hard it is to ...
C&EN

DynamiSpectra: A Python Software Package and Web Platform for Molecular Dynamics Data Analysis in Computational Biology

Keizo Asami Institute, iLIKA, Federal University of Pernambuco, Recife, Pernambuco 50670-901, Brazil Graduate Program in Biology Applied to Health, PPGBAS, Federal University of Pernambuco, Recife, ...