The Hacker News

PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

ZiChatBot malware spread via 3 PyPI packages in July 2025 uses Zulip APIs as C2, enabling stealthy attacks across systems ...

Backdoored PyTorch Lightning package drops credential stealer

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...
InfoWorld

Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are ...

Google says criminals used AI to build a working zero-day exploit for the first time

Criminal hackers have used artificial intelligence to develop a working zero-day exploit, the first confirmed case of its ...
Hosted on MSN

Python\u2019s 2026 Graphics Stack Turns Students into CAD Designers

As you prepare for FSU and balance housing, onboarding, and EMT certification prep, you might wonder where Python fits into the broader engineering landscape. The answer lies in a quiet revolution: ...
Hosted on MSN

Building Python Puzzle Solvers with Copilot in 2026

The landscape of puzzle-solving has shifted from manual brute-force methods to AI-assisted development, with Microsoft Copilot now capable of generating and editing code directly in your live ...

QLNX: New Remote Access Trojan targets Linux developers

Quasar Linux (QLNX) is not an operating system, but a supply chain attack tool that is difficult to detect and remove.
InfoWorld

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...
The Next Web

The AI industry’s model and agent skill repositories are full of malware. The infrastructure built to accelerate development is now the vector for compromising it.

Hugging Face hosts 352,000 unsafe model issues. ClawHub's registry contains 341 malicious AI agent skills. The AI supply chain is now the most attractive target in software security.

New PCPJack worm steals credentials, cleans TeamPCP infections

A new malware framework called PCPJack is stealing credentials from exposed cloud infrastructure while actively removing ...

Online archives of over 20 years of tech reporting | The Register

Dive into The Register's online archive of incisive tech news reporting, features, and analysis dating back to 1998 ...