Morning Overview on MSN

PyTorch Lightning versions 2.6.2 and 2.6.3 were compromised on April 30 — check your installs

On April 30, 2026, someone slipped credential-stealing malware into two freshly published versions of PyTorch Lightning, one ...

Script Injection and Data Theft: Python Data Analysis Tool Compromised

The popular Python package for monitoring data quality was briefly available as a malicious version. Provider Elementary ...
Hosted on MSN

AI tools and curated lists spotlight hidden indie game gems

A surge of curated lists, platform features, and AI-powered tools is helping overlooked indie games gain visibility in 2026. Itch.io remains a central hub for creative and experimental titles, while ...
Green Party of the United States

Meet Our Nominees: Jill Stein & Butch Ware

Jill Stein and Butch Ware are the Green Party of the United States 2024 nominees for president and vice-president. Jill Stein is a Harvard-educated doctor, a pioneering environmental health advocate, ...
CSOonline

PyPI warns developers after LiteLLM malware found stealing cloud and CI/CD credentials

The compromised packages, linked to the Trivy breach, executed a three‑stage payload targeting AWS, GCP, Azure, Kubernetes configs, SSH keys, and automation pipelines before being removed. PyPI is ...
Bleeping Computer

PyPI urges users to reset credentials after new phishing attacks

The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. Accessible at pypi.org, PyPI is the default ...
World Bank

The Container Port Performance Index 2020 to 2024: Trends and lessons learned

Container ports are critical nodes in globally connected supply chains, handling merchandise and semi-finished products. The Container Port Performance Index (CPPI) measures the time container ships ...
Transparency International

Corruption Perceptions Index 2024

The 2024 Corruption Perceptions Index (CPI) shows that corruption is a dangerous problem in every part of the world, but change for the better is happening in many countries. Research also reveals ...
InfoWorld

3 takeaways from the Ultralytics AI Python library hack

When attackers compromised Ultralytics YOLO, a popular real-time object detection machine-learning package for Python, most assumed the Python Package Index, or PyPI, must be the point of failure.
The Hacker News

Malicious PyPI Package ‘Fabrice’ Found Stealing AWS Keys from Thousands of Developers

Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) that has racked up thousands of downloads for over three years while stealthily exfiltrating developers ...
Infosecurity-magazine.com

PyPI Revival Hijack Puts Thousands of Applications at Risk

A new software supply chain attack is being exploited in the wild, according to security researchers. The technique targets Python applications distributed via the Python Package Index, or PyPI.