WeLiveSecurity

OceanLotus: From external espionage to domestic targeting

Our tracking of OceanLotus activities from 2024–2026 reveals a shift in operational focus. During this period, the Vietnam-aligned OceanLotus adopted a more selective approach to external operations ...

Exclusive: MotherDuck adds agentic data ingestion to its cloud analytics service

MotherDuck Corp., the maker of a cloud-native data warehouse based on the open-source DuckDB analytical engine, is betting ...

GitHub confirms 3,800 internal repos stolen through poisoned VS Code extension as supply ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...

200,000 MCP servers expose a command execution flaw that Anthropic calls a feature

OX Security confirmed arbitrary command execution on six live platforms and estimates 200,000 MCP servers are exposed. Here's how to audit your deployments.
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. As of writing, ...
来自MSN

Epstein files update: Trump's DOJ faces new watchdog audit

The U.S. Department of Justice is facing an audit of its compliance with a law passed by Congress requiring it to release the Epstein files. “We already know the Department of Justice failed to comply ...
theregister

Anthropic won't own MCP 'design flaw' putting 200K servers at risk, researchers say

A design flaw – or expected behavior based on a bad design choice, depending on who is telling the story – baked into Anthropic's official Model Context Protocol (MCP) puts as many as 200,000 servers ...
Bleeping Computer

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Evidence ...
The Hacker News

Malicious PyPI Package Impersonates SymPy, Deploys XMRig Miner on Linux Hosts

A new malicious package discovered in the Python Package Index (PyPI) has been found to impersonate a popular library for symbolic mathematics to deploy malicious payloads, including a cryptocurrency ...
Beebom

How to Customize Windows Terminal Like a Pro

For developers or anyone who uses Windows Terminal to interact with the shell, be it PowerShell or WSL, this tutorial is going to help you customize the Terminal, which will soon be the default ...
GitHub

Repair malformed JSON from LLMs, APIs, logs, and user input in Python.

If json_repair saves you time, star the repository so more people can find it. Some LLMs are a bit iffy when it comes to returning well formed JSON data, sometimes they skip a parentheses and ...
GitHub

Filter JSON and JSON Lines data with Python syntax

jello is similar to jq in that it processes JSON and JSON Lines data except jello uses standard python dict and list syntax. JSON or JSON Lines can be piped into jello via STDIN or can be loaded from ...