The Hacker News

Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens

Self-propagating npm worm steals tokens via postinstall hooks, impacting six packages and expanding supply chain attacks.
TechAnnouncer

Effortless Python Video Download: A Step-by-Step Guide

Think of this as your friendly guide to making Python do the heavy lifting for your python video download needs. Setting up ...

Tesla's former VP Andrej Karpathy shares AI coding 'horror', 'Python supply chain attack ...

Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack \"software horror\"—and the details are ge.
Cryptopolitan on MSN

Axios supply chain attack raises risk to crypto wallets

Up to four npm packages on Axios were replaced with malicious versions, in one of the most sophisticated supply chain attacks.
MUO on MSN

Gemma 4 just replaced my whole local LLM stack

Gemma 4 made local LLMs feel practical, private, and finally useful on everyday hardware.

硅谷恐怖故事!9700 万下载的 AI 神库遭「投毒」,黑客的 Bug 拯救了 ...

就这么一条简单的命令。 你的 SSH 密钥、AWS 凭证、Kubernetes 配置、加密货币钱包,全部打包加密,发给黑客。 LiteLLM,AI 圈最火的大模型「万能转接头」。一套代码,就能对接 OpenAI、Claude、Gemini 等 100 ...