Microsoft

From package to postinstall payload: Inside the Mastra npm supply chain compromise

A poisoned npm package infected 140+ projects with a hidden payload. This report highlights how to detect, hunt, and defend ...
Frontiers

Python in neuroscience

Python is rapidly becoming the de facto standard language for systems integration. Python has a large user and developer-base external to the neuroscience community, and a vast module library that ...
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
GitHub

Track Your Data Science

When it comes to data science, you have excellent tools at your disposal: pandas and polars for data exploration, skrub for stateful transformations, and scikit-learn for model training and evaluation ...
The Hacker News

ThreatsDay Bulletin: AI Agents Gone Wrong, Sketchy C2 Tools, ClickFix Tricks, JS Backdoors & 20+ New Stories

Weekly ThreatsDay recap: old bugs, fake tools, shady payload tricks, AI mishaps, and the usual reminder that the internet is ...
The Hacker News

AI Chatbot Recommendations Redirect Users to Cryptojacking Malware Sites

Microsoft has warned of an active cryptojacking campaign that makes use of artificial intelligence (AI) chatbot interactions as a mechanism for surfacing malicious download sites. "This emerging ...
GitHub

A fast, modern EnergyPlus IDF/epJSON toolkit for Python.

idfkit is in beta. The API may change between minor versions. We're looking for early adopters and testers — especially users of eppy who want better performance and a modern API. If you try it out, ...