PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...

Locked, stocked, and losing budget: AI vendor lock-in bites back

Opinion The days when you could jump from one frontier AI model to another at the drop of a hat are going away as vendor lock ...

How to use Codex to build a Website

What makes Codex useful for building websites is that it can install software packages, run a local preview server, track ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...
MIT Technology Review

The Download: murderous ‘mirror’ bacteria, and Chinese workers fighting AI doubles

Using lessons from the ISS, NASA has partnered with private companies to develop new commercial space stations for research, ...
The Hacker News

Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain

Malicious KICS Docker tags and VS Code versions 1.17.0, 1.19.0 enabled data exfiltration, risking exposed infrastructure ...

I found an Android TV launcher that just works better than Google's

Arc Launcher fixes what Google TV gets wrong ...

GitKraken Desktop 12.0 Introduces Agent Mode: Gives Developers Ultimate Control & Visualization While Scaling Parallel Agent Workflows

As AI Agents Write More of the Code, GitKraken Gives Every Developer the Tools to Stay in CommandSCOTTSDALE, Ariz., ...

Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.
Security Boulevard

From fake Proton VPN sites to gaming mods, this Windows infostealer is everywhere

Hiding in imposter sites, GitHub downloads, and YouTube links, this infostealer is designed to hijack accounts and drain ...

This Free App Lets You Play Your Steam Games From Your Phone

Mobile gaming doesn't have to be limited to basic word games and puzzle titles. There's an app that lets you enjoy actual ...
CPO Magazine

Axios Supply Chain Attack Hits OpenAI: Users Urged to Update macOS Certificates

The supply chain attack on third-party library Axios has forced OpenAI to revoke its code-signing certificate and require ...