The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.
cybernews

100K stars in a day: Claw-code based on leaked Claude Code smashes GitHub record

Claw-code, a clean slate rewrite of leaked Claude Code, is now the fastest growing GitHub repository, reaching 100K stars in one day. Anthropic is trying to contain the genie released from the bottle, ...
InfoWorld

On the pleasures and dangers of open source Python

Several of this week’s top stories touch on the pitfalls of open source development, especially when things like power, money, and ego are involved. Also, a look at Python’s nifty new sampling ...
SiliconANGLE

OpenAI acquires open-source Python tooling startup Astral

OpenAI Group PBC today announced plans to acquire Astral Software Inc., a startup with a set of widely used Python development tools. The terms of the deal were not disclosed. Astral’s development ...
Ars Technica

OpenAI is acquiring open source Python tool-maker Astral

OpenAI announced Thursday that it has entered into an agreement to acquire Astral, the company behind popular open source Python development tools such as uv, Ruff, and ty, and integrate the company ...
InfoQ

Google Open-Sources the Common Expression Language for Python

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Dany Lepage discusses the architectural ...
Hacker

Pydantic: What It Is and Why It's Useful

Pydantic is a popular open-source Python library for data validation and modeling. It offers tools to define the structure and rules of your data, ensuring its consistency and reliability. Pydantic is ...
Visual Studio Magazine

VS Code Team Member Blames User Trust Decisions in Repo-Based Attacks

A Hacker News commenter identifying as a VS Code team member said Workspace Trust is the intended security protection against repo-based attacks. The commenter acknowledged user experience issues and ...
The Hacker News

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

The North Korean threat actors behind the Contagious Interview campaign have once again tweaked their tactics by using JSON storage services to stage malicious payloads. "The threat actors have ...
IEEE

Python Open-Source Code Traceability Model Based on Graph Neural Networks

Abstract: When programmers write project code, they may copy or reference some open-source code, which may include defective code, causing vulnerabilities in the project. This causes a potential ...
KTLA

Loose python slithers to Southern California In-N-Out

A python that startled diners at a Monrovia In-N-Out drive-thru has been reunited with its owner, the Pasadena Humane Society said. The 4-foot-long, 3.6-pound snake was found on Tuesday at the newly ...
Bleeping Computer

'WhiteCobra' floods VSCode market with crypto-stealing extensions

A threat actor named WhiteCobra has been targeting VSCode, Cursor, and Windsurf users by planting 24 malicious extensions in the Visual Studio marketplace and the Open VSX registry. The campaign is ...