The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.
InfoWorld

Unplugged holes in the npm and yarn package managers could let attackers bypass defenses against Shai-Hulud

A researcher at Koi Security says the two key platforms have not plugged the vulnerabilities enabling the worm attacks, and ...
XDA Developers on MSN

I replaced all my browser bookmarks with this terminal-based knowledge management tool

Take control of your bookmarks!

Popular Python libraries used in Hugging Face models subject to poisoned metadata attack

Vulnerabilities in popular AI and ML Python libraries used in Hugging Face models with tens of millions of downloads allow ...
GitHub

Replace tokens in text files with values from the command-line, files or environment variables.

replacetokens --sources [--add-bom] [--case-insensitive-paths] [--chars-to-escape] [--encoding] [--escape {auto, off, json, xml, custom}] [--escape-char] [--help ...
GitHub

Python for OSINT. 21-day course for beginners

This course was written back in the good old days when Gitpod offered users 50 hours of free work per month. But that was a long time ago, and now this service has become paid. Fortunately, you can ...