GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP ...
CSOonline

ClickFix finds a backup plan in PySoxy proxy chains

ReliaQuest observed attackers pairing ClickFix with the PySoxy proxy tool to establish redundant encrypted access paths and persistence on compromised systems. ClickFix, a one-shot social engineering ...
Business Wire

Iterable Unveils Nova Agent and a New Wave of AI Innovations to Power Real-Time Personalization and Predictable Growth

LOS ANGELES--(BUSINESS WIRE)--I terable, the AI customer engagement platform, today announced Nova Agent, an AI agent built to act on customer behavior in real time, alongside a new wave of AI ...
The Hill

Iran calls for human chains around power plants ahead of Trump deadline

Iranian officials on Tuesday urged their people to form human chains around power plants as the country faces a deadline set by President Trump to reopen the Strait of Hormuz or risk major strikes on ...
Indiatimes

Tesla's former VP Andrej Karpathy shares AI coding 'horror', 'Python supply chain attack' that could have wiped millions of SSL private keys, database passwords, more; and Elon ...

Andrej Karpathy, the former Tesla AI director and OpenAI cofounder, is calling a recent Python package attack "software horror"—and the details are genuinely alarming. A compromised version of LiteLLM ...
Deadline.com

Kidnap Thriller ‘The Chain’ Lands Straight-To-Series Order At HBO With Damon Lindelof As Showrunner

Damon Lindelof is getting back into showrunning with a new kidnap thriller at HBO. The Warner Bros Discovery-owned cable network has handed The Chain a straight-to-series order. Based on Adrian ...
Vogue

Why Is Everyone Making Paper Chains This Holiday Season?

When I first saw red paper chains strung up in my friend’s Brooklyn apartment last year, I thought: Cute! What a fun throwback to Christmases of yore, and a way to make the place ten times cozier as ...
Bleeping Computer

PyPI invalidates tokens stolen in GhostAction supply chain attack

The Python Software Foundation team has invalidated all PyPI tokens stolen in the GhostAction supply chain attack in early September, confirming that the threat actors didn't abuse them to publish ...
InfoWorld

Python popularity boosted by AI coding assistants – Tiobe

Python maintains its runaway top ranking in the Tiobe index of programming language popularity, while older languages continue to rise. Perl surprises. Python, the highest-ranking language ever in the ...