New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
InfoWorld

GitHub finally pulls the plug on automatic install script execution for npm

The change, expected in July, will likely block one of the more common attack vectors; developers are wondering what took ...
GitHub

krishnamk00/Top-10-OpenSource-News-Weekly

Tetrate Allies With Bloomberg to Build AI Gateway Based on Envoy and Kubernetes APIs Open source LLM tool primed to sniff out Python zero-days Socket Accelerates Open-Source Security With $40M Series ...