The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.

ReversingLabs 2026 Software Supply Chain Security Report Identifies 73% Increase in Malicious Open-Source Packages

According to the firm’s latest supply chain security report, there was a 73% increase in detections of malicious open-source packages in 2025. The past year also saw a huge jump in the scope of ...
GitHub

Unofficial NotebookLM Enterprise API client

This project targets the NotebookLM Enterprise API only. Google hasn’t published an API for the consumer edition or general Google Workspace tenants as of 2025-10-25. Prerequisite: a Google Cloud ...
Cybernews

North Korea is turning open-source projects into malware traps

North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...
GitHub

Building the Virtuous Cycle for AI-driven LLM Systems

FlashInfer-Bench is a benchmark suite and production workflow designed to build a virtuous cycle of self-improving AI systems. It is part of a broader initiative to build the virtuous cycle of AI ...
IEEE

Detecting Learning Behavior in Programming Assignments by Analyzing Versioned Repositories

Abstract: Computing education plays a significant role in shaping the calibre of future computing professionals; hence, improving its quality is a valuable endeavour. A promising approach to enhance ...
TechJuice

The “Invisible Commands” That Let Hackers Hijack Anthropic’s Git Server

Three serious prompt injection vulnerabilities in Anthropic’s Git MCP server briefly enabled remote code execution and file ...