Security Boulevard

Malicious PyTorch Lightning Packages Found on PyPI

TL;DR Two malicious versions of the popular PyTorch Lightning package have been uploaded to PyPI following the publisher ...

One tool call to rule them all? New open source Python tool RunPod Flash eliminates containers for faster AI dev

With Flash GA, the company is attempting to transition from being a provider of raw compute to becoming the essential ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
TechPP

Files is the Best File Explorer Alternative for Your Windows PC

Upgrade your Windows file management with Files, a modern File Explorer alternative featuring dual-pane view, tabs, tags, and ...

Script Injection and Data Theft: Python Data Analysis Tool Compromised

The popular Python package for monitoring data quality was briefly available as a malicious version. Provider Elementary ...
Cybernews

One tiny exploit gives full Linux access: all kernels since 2017 are vulnerable

The critical "Copy Fail" bug (CVE-2026-31431) affects all Linux kernels since 2017, allowing unprivileged local users to gain ...
How-To Geek on MSN

The tiny open-source apps that somehow became essential (and you've probably never heard of them)

Stop using bloated tools—these 5 tiny open-source apps quietly solve problems nobody else bothers to fix and do more with ...

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...
Hackaday

Building An IBM PCjr BIOS From Source Using Original Printed Source Code

As unloved as IBM’s PCjr was, with only a one-year production run, it’s hard to complain about the documentation available ...
Dark Reading

Bad Memories Still Haunt AI Agents

Anthropic fixed a significant vulnerability in Claude Code's handling of memories, but experts caution that memory files will ...
How-To Geek on MSN

You’re using the wrong app to open ZIP files on Windows

Don't overcomplicate things for yourself.
The Hacker News

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

CVE-2026-5760 (CVSS 9.8) exposes SGLang via /v1/rerank endpoint, enabling RCE through malicious GGUF models, risking server ...