PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...
XDA Developers on MSN

5 open-source developer tools that are better than their well-funded competitors

Better than billion-dollar software.
The Hacker News

Cohere AI Terrarium Sandbox Flaw Enables Root Code Execution, Container Escape

CVE-2026-5752 CVSS 9.3 flaw in Terrarium enables root code execution via Pyodide prototype traversal, risking container ...

Another npm supply chain worm is tearing through dev environments

Yet another npm supply-chain attack is worming its way through compromised packages, stealing secrets and sensitive data as ...
Techzine Europe

Malicious Python package poses new supply chain threat

The open-source package elementary-data, with over a million downloads per month, has been compromised. Attackers exploited a vulnerability in a GitHub ...
diginomica

Cloudsmith warns - most teams won't meet the EU Cyber Resilience Act's software supply chain deadline

Most organizations can see their software security risks. Far fewer can act on them fast enough to matter – and with the EU ...

Milesight Launches EG71, the Industry's First Unified Gateway for Deep Building Integration

Milesight, a leading provider of innovative IoT products, announced the launch of the EG71 Building IoT Gateway, designed to address smart building integration challenges.
CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...