Backdoored PyTorch Lightning package drops credential stealer

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...
Morning Overview on MSN

Hackers poisoned the PyTorch Lightning AI package and it started stealing credentials the moment you imported it

A single line of Python code was all it took. Developers who ran import lightning after installing versions 2.6.2 or 2.6.3 of ...
Morning Overview on MSN

Malicious open-source packages have surged 73% in 2026 according to new research

Every time a developer types npm install, they are placing a bet that the package they are pulling into their project is not ...
The Hacker News

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain ...
Oak Ridge National Lab

DeepHyper: A Python Package for Massively Parallel Hyperparameter Optimization in Machine Learning...

Machine learning models are increasingly applied across scientific disciplines, yet their effectiveness often hinges on heuristic decisions such as data transformations, training strategies, and model ...
International Monetary Fund

A Python Package to Assist Macroframework Forecasting: Concepts and Examples

In forecasting economic time series, statistical models often need to be complemented with a process to impose various constraints in a smooth manner. Systematically imposing constraints and retaining ...
CSOonline

AI hallucinations lead to a new cyber threat: Slopsquatting

Cybersecurity researchers are warning of a new type of supply chain attack, Slopsquatting, induced by a hallucinating generative AI model recommending non-existent dependencies. According to research ...