A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...

The NHS Couch to 5k app is celebrating its 10-year anniversary having reached more than eight million downloads.

Four npm packages linked to SAP's Cloud Application Programming Model were hijacked. The hackers added code that steals ...

Multiple official SAP npm packages were compromised in what is believed to be a TeamPCP supply-chain attack to steal ...

The Bitwarden CLI NPM package compromise is tied to a Checkmarx supply chain attack and references the Shai-Hulud worm.

Fake packages aim to steal data, credentials, and secrets, and to infect every package created using them, in what could be ...

Silver Fox spreads ABCDoor via 1,600 phishing emails in 2026 targeting India and Russia, enabling data theft and remote ...

WordPress is losing market share, and over 10% of its sites are abandoned. Astro is getting downloaded 2.5 million times per ...

It's not perfect by any means, but the new Archives museum remains a fabulous advance in archival access for everyone.

The terminal is fine. But if you actually want to live in your Hermes agent, here are the four best GUIs the community has ...