New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

When Claude changed, everything changed: Managing AI blast radius in production

We built it on Claude Sonnet 3.5 in early 2025. We upgraded to 3.7 without incident, and to 4.0 without incident. By the time ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
The Hacker News

⚡ Weekly Recap: Instagram Account Hacks, Android Zero-Day, GitHub Worm and More

Your weekly cybersecurity recap: a GitHub supply chain worm, an exploited Android flaw, Instagram account takeovers, and a ...

Netflix wiz creates app to slash AI bills, then open sources it

As the COOs from both Uber and Microsoft recently learned, encouraging company engineers to use AI aggressively can lead to ...
Crypto Briefing

Google unveils Managed Agents API for simplified AI deployment at I/O 2026

Google just made building autonomous AI agents significantly easier. At its I/O 2026 developer conference, the company unveiled the Managed Agents API, a new offering within the Gemini and Antigravity ...
InfoWorld

Taming the generative AI back end

Writing code that interacts with LLM services requires bridging two different worlds. Use these tips and techniques to bind the AI model to the logic of your app.
GitHub

ogx-ai/ogx-client-python

The Ogx Client Python library provides convenient access to the Ogx Client REST API from any Python 3.9+ application. The library includes type definitions for all request params and response fields, ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply chain worm hits Microsoft’s Python SDK

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...
Dark Reading

Google API Keys Remain Active After Deletion

Google API keys aren't completely inactive after users delete them, giving attackers a small but significant window to continue abusing them. Joe Leon, researcher at Belgian startup Aikido Security, ...
techtimes

OpenAI Unifies ChatGPT, Codex, and Developer API Under Co-Founder Brockman Four Days Before Google I/O

OpenAI told employees on Friday that co-founder and president Greg Brockman will permanently lead all product strategy, merging ChatGPT, Codex, and the developer API into one organization — a ...
NPR

Kids' test scores began declining way before COVID. These schools are making gains

The pandemic-era backslide in math and reading scores for students across the U.S. was not a sudden catastrophe but the continuation of a brutal, decade-long "learning recession" that began years ...