PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

Anaconda Releases Desktop in Public Beta, Unifying AI Development Workflow

Anaconda, an infrastructure provider for the Python community, has released Anaconda Desktop in public beta, designed for AI ...
Dark Reading

UNC6692 Combines Social Engineering, Malware, Cloud Abuse

A newly discovered threat actor is using Microsoft Teams, AWS S3 buckets, and custom "Snow" malware in a multipronged ...
The Hacker News

SGLang CVE-2026-5760 (CVSS 9.8) Enables RCE via Malicious GGUF Model Files

CVE-2026-5760 (CVSS 9.8) exposes SGLang via /v1/rerank endpoint, enabling RCE through malicious GGUF models, risking server ...
DATAQUEST

Best AI Courses in 2026: Beginner to advanced Pro certifications to boost salary and career in India

Best AI courses 2026 in India including Google, AWS, and MIT certifications. Learn AI from beginner to expert level and boost ...

Top open source PyPI package with over 1 million downloads each month hacked to send out malware

This was not a case of stolen credentials, but rather of vulnerability exploitation.
Infosecurity Magazine

Systemic Flaw in MCP Protocol Could Expose 150 Million Downloads

However, in a report published on April 15, researchers at Ox Security claimed that a flaw in the protocol could enable ...
CSO Online

RCE by design: MCP architectural choice haunts AI agent ecosystem

Unsafe defaults in MCP configurations open servers to possible remote code execution, according to security researchers who ...
The Hacker News

Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain

Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's (MCP) architecture ...
The Next Web

Google just launched its agentic enterprise play, and it runs from chip to inbox

Google launches AI agent suite at Cloud Next 2026 with Workspace Studio, A2A protocol at 150 orgs, and Project Mariner. The pitch: only Google owns the full stack.

There's a Cave Full of Bats Infected by the 'Bleeding Eye' Virus. People Are Trespassing to See It, and Scientists Want It to Stop

While studying predators visiting Python Cave, home to bats confirmed to have Marburg virus, scientists observed hundreds of ...