500 Poisoned Packages, Hundreds of Companies: TeamPCP’s Worm Just Reached GitHub

A GitHub employee installed a routine VS Code extension update, handed cybercrime group TeamPCP enough access to exfiltrate ...
Cards Wire

State announces start of 2026 Florida Python Challenge. $25K at stake

There are many types of hunts and hunting seasons in the United States, but Florida may have the most interesting hunt in the ...
CSO Online

Unpatched ChromaDB flaw leaves servers open to remote code execution

The ChromaToast vulnerability can be exploited by forcing the ChromaDB API server to fetch and load maliciously crafted AI ...
Electronics360

A simple tool to build and deploy AI on microcontrollers

Semiconductor provider Nuvoton Technology has launched a graphical user interface (UI) tool designed specifically for machine ...

2026 Python Challenge hunters will find snakes unfazed by winter cold

The winter freeze didn't dim the Burmese python population in Florida but the drought may mean new challenges to hunters in ...
Morning Overview on MSN

Three separate supply-chain attacks hit npm, PyPI, and Docker Hub within 48 hours — all three targeted developer cloud credentials and SSH keys

Sometime around the last week of May 2026, attackers uploaded poisoned packages to three of the most widely used software ...
PCMag

OpenAI Tells Mac Users to Update Apps After Software Supply Chain Attack

OpenAI was hit by a supply chain attack involving hackers publishing a malicious version of Tanstack software used for web ...
ProVideo Coalition

Foundry’s updated Nuke Stage simplifies virtual production workflows

First revealed at NAB 2025, Nuke Stage enables real-time playback of photoreal environments onto LED walls using standard ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious ...
The Hacker News

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

Fake OpenAI Privacy Filter hit #1 on Hugging Face with 244,000 downloads, spreading infostealer malware to Windows users.

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...
Fox News

Fake Windows update installs hidden malware

If you've ever clicked "Check for updates" and trusted what you saw, you're not alone. That's exactly what this latest scam is counting on. The page mimics official branding, includes a believable ...