Expert at the Conservancy of Southwest Florida topped their own record for the most tonnage of Burmese python removed from ...

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...

Rosalind, a Rust-built genomics library, runs whole genome sequencing analysis in 100 MB of RAM on a laptop, with no cloud upload required. The project launched May 27, 2026 — days after the 23andMe b ...

GitHub confirmed attackers stole 3,800 internal repositories via a poisoned VS Code extension. The same threat group, TeamPCP, simultaneously compromised Microsoft's durabletask Python ...

The dates for the 2026 Florida Python Challenge are set. Here's how last year's winner captured a whopping 60 pythons for the $10,000 grand prize.

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that compromised LiteLLM, a widely used open-source Python ...

The CVSS‑9.3 vulnerability allows unauthenticated remote code execution on exposed Marimo servers and was exploited in the wild shortly after disclosure, Sysdig says. A critical pre-authentication ...

A critical pre-authentication remote code execution vulnerability in Marimo, an open-source Python notebook platform owned by AI cloud company CoreWeave, was exploited in the wild less than 10 hours ...

TeamPCP, the threat actor behind the recent compromises of Trivy and KICS, has now compromised a popular Python package named litellm, pushing two malicious versions containing a credential harvester, ...