The Hacker News

PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux

ZiChatBot malware spread via 3 PyPI packages in July 2025 uses Zulip APIs as C2, enabling stealthy attacks across systems ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...

Backdoored PyTorch Lightning package drops credential stealer

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...
InfoWorld

Why it’s so hard to create stand-alone Python apps

Ever wonder why packaging a Python app and its dependencies as a single executable is such a pain? Blame it on the dynamism ...

Why this Florida python raises new alarm about invasive spread

Long-term tracking shows a Burmese python is rewriting assumptions about breeding, giving new intel for Florida's battle ...
Morning Overview on MSN

PyTorch Lightning versions 2.6.2 and 2.6.3 were compromised on April 30 — check your installs

On April 30, 2026, someone slipped credential-stealing malware into two freshly published versions of PyTorch Lightning, one ...
InfoWorld

Supply-chain attacks take aim at your AI coding agents

A North Korean APT has crafted malicious software packages to appeal to AI coding agents, while ‘slopsquatting’ shows the ...

Runpod Launches Flash: The Fastest Way to Deploy AI Inference

Runpod, the AI developer cloud, today announced the general availability of Runpod Flash, an open-source Python SDK that removes the infrastructure overhead between writing AI code and running it in ...