The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.
The Hacker News

LiteLLM CVE-2026-42208 SQL Injection Exploited within 36 Hours of Disclosure

CVE-2026-42208 exploited within 36 hours of disclosure, exposing LiteLLM credentials, risking cloud account compromise.

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...
Dark Reading

Bad Memories Still Haunt AI Agents

Anthropic fixed a significant vulnerability in Claude Code's handling of memories, but experts caution that memory files will ...
GitHub

Modern Web Vulnerability Scanner

A comprehensive CLI-based web penetration testing tool with 17 detection modules, 323+ payloads, async crawling, deep endpoint discovery, subdomain enumeration, and false-positive reduction. Inspired ...
GitHub

Analyze dependency licenses and get actionable licensing guidance for Python projects.

deplicense goes beyond simply listing dependency licenses. It tells you what license your project needs, flags incompatible combinations, and generates compliance documents - all from a single command ...