The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.
The Hacker News

OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident

OpenAI revoked its macOS signing certificate after a malicious Axios dependency incident on March 31, 2026, preventing ...

NetKnights releases privacyIDEA 3.13 with enhanced passkey functionality and new web interface

The IT security company NetKnights has released version 3.13 of its multi-factor authentication software, privacyIDEA ...
heise online

Supply chain attack on LiteLLM: Affected parties should change credentials

An attack on the open-source library for connecting to LLMs has apparently occurred, allowing two compromised packages to steal credentials. The LiteLLM development team has announced a security ...
The Guardian

Molecule in python blood could pave way for new obesity drugs, scientists say

Researchers find snake metabolite that suppresses appetite of obese mice ‘without some of side-effects’ of GLP-1 drugs Pythons follow the ultimate crash diet, swallowing an antelope in a single ...
Bleeping Computer

PyPI urges users to reset credentials after new phishing attacks

The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. Accessible at pypi.org, PyPI is the default ...
InfoWorld

Air-gapped Python: Setting up Python without a net(work)

Installing Python and related applications on a system without a network connection isn’t easy, but you can do it. Here’s how. The vast majority of modern software development revolves around one big ...