Dark Reading

'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...

digna Introduces Python SDK and Docker Deployment in Release 2026.06

Vienna, Austria, June 25, 2026 -- digna, the European data quality and observability platform, today announced the release of ...
Meduza

Russia’s federal censor denies blocking Python’s package index as developers scramble for workarounds

On Monday, Russian users found they could no longer reach PyPI, the package repository that Python developers rely on for ...
InfoWorld

Write cleaner and faster Python code

Check out Python’s powerful new linters and profiling tools, and learn how virtual environments can save you time and trouble ...

Apple takes over Swift Package Index, vows to remove GitHub dependency

The Swift Package Index (SPI), a search engine for open source packages for the Swift programming language, is now part of ...

Microsoft fixes AutoGen Studio flaw that enabled code execution

A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers ...
CSO Online

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

OpenAI: Yoo-hoo, look over here, we do that security stuff too!

Speaking of Codex: OpenAI on Monday released a Codex Security plugin⁠ that the company says “enables out-of-the-box defensive ...
SecurityWeek

Exploitable CI/CD Vulnerabilities Expose Millions of Repositories to Hijacking

Cordyceps, a systemic class of exploitable CI/CD vulnerabilities, allows unauthenticated attackers to hijack developer ...
Hosted on MSN

Top open source PyPI package with over 1 million downloads each month hacked to send out malware

A widely used PyPI package was recently compromised through a malicious update The attack leveraged a GitHub Actions workflow to push infostealer code into a release Maintainers quickly issued a clean ...