The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.

ReversingLabs 2026 Software Supply Chain Security Report Identifies 73% Increase in Malicious Open-Source Packages

According to the firm’s latest supply chain security report, there was a 73% increase in detections of malicious open-source packages in 2025. The past year also saw a huge jump in the scope of ...
Cybernews

North Korea is turning open-source projects into malware traps

North Korea is doubling down on a familiar playbook by weaponizing trust in open-source software and developer workflows. The ...
TechJuice

The “Invisible Commands” That Let Hackers Hijack Anthropic’s Git Server

Three serious prompt injection vulnerabilities in Anthropic’s Git MCP server briefly enabled remote code execution and file ...
The Hacker News

Three Flaws in Anthropic MCP Git Server Enable File Access and Code Execution

Three vulnerabilities in Anthropic’s MCP Git server allow prompt injection attacks that can read or delete files and, in some ...
Decrypt

Elon Musk’s X Open-Sources Grok-Powered Algorithm Driving 'For You' Feed

The social media platform has taken a step towards transparency amid ongoing battles over platform spam and non-consensual AI ...

The AI powered path to Tech Simplification and Tech Debt Management in BFSI

Continuous tech-debt monitoring & governance Tech debt removal is typically reactive and ad-hoc exercise. AI can help run periodic scans, update debt scores, and feed insights into tech governance ...

Python libraries used in top AI and ML tools hacked

The bugs have been fixed, so users should patch now, experts warn.
Tech Xplore

New framework helps AI systems recover from mistakes and find optimal solutions

If you use consumer AI systems, you have likely experienced something like AI "brain fog": You are well into a conversation ...