New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

Malicious Hugging Face Models Could Trigger Remote Code Execution

A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
XDA Developers on MSN

I built a Python utility using Claude to automate my image editing workflow, and it saves me hours every week

Vibe-coding your problems away doesn't get easier than this ...
CSO Online

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...
TMCnet

dltHub Named 2026 Snowflake Startup Program Product Partner of the Year

SAN FRANCISCO, June 3, 2026 /PRNewswire/ -- dltHub, the company behind the open-source Python library dlt and the agentic ...
Louisville Public Media

Louisville Free Public Library’s mascots Gorp and Stick talk books, nature and summer reading

Library mascots Gorp and Stick share what’s in store for Louisville Free Public Library’s “Wild About Reading” summer reading ...
InfoWorld

Pyrefly 1.0: A fast, forward-looking Python linter

Meta’s Rust-powered linter and type checker for Python pairs blazing speed with advanced and innovative features.

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
Morning Overview on MSN

Three separate supply-chain attacks hit npm, PyPI, and Docker Hub within 48 hours — all three targeted developer cloud credentials and SSH keys

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...
IEEE

sQUlearn: A Python Library for Quantum Machine Learning [Focus: Quantum Software and Its Engineering]

Abstract: sQUlearn introduces a user-friendly, noisy intermediate-scale quantum (NISQ)-ready Python library for quantum machine learning (QML), designed for seamless integration with classical machine ...
Ars Technica

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...