Popular Windows 11 file manager Files gets improved tags, layouts, and new OneDrive icon

A new version of Files, a popular file manager for Windows 10 and 11, is out with improved folder size calculation, a new ...

Fact files

Steropodon was a platypus-like mammal that lived alongside the dinosaurs. It spent most of its time in freshwater creeks and billabongs, probably eating yabbies and other small aquatic animals.
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...

New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
Dark Reading

'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...
XDA Developers on MSN

I used Claude Code to build a utility that fetches files by the way I describe it, and it's better than any file explorer I've used

I might never have to remember what I named my files again ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
XDA Developers on MSN

I built a Python utility using Claude to automate my image editing workflow, and it saves me hours every week

Vibe-coding your problems away doesn't get easier than this ...
CSO Online

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...
The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.

Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that compromised LiteLLM, a widely used open-source Python ...