I've reviewed every PDF editor out there - then I had ChatGPT build me a better one

The smartest way to use AI may not be letting it interact with your files, but asking it to write software that handles them ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
Ubuntu

How to Fix Copy Fail (CVE-2026-31431) Vulnerability on Ubuntu and Linux Mint

On April 29, 2026, security researchers at Theori and Xint Code publicly disclosed CVE-2026-31431, a Linux kernel privilege escalation vulnerability they named Copy Fail. Any unprivileged local user ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. As of writing, ...
GitHub

websocket-client

websocket-client is a WebSocket client for Python. It provides access to low level APIs for WebSockets. websocket-client implements version hybi-13 of the WebSocket protocol. This client does not ...
theregister

LLMs can't stop making up software dependencies and sabotaging everything

The rise of LLM-powered code generation tools is reshaping how developers write software - and introducing new risks to the software supply chain in the process. These AI coding assistants, like large ...
GitHub

Veeder-Root TLS Socket Library

This is an unofficial Python sockets wrapper for querying Veeder-Root automatic tank gauges remotely through the Internet. This wrapper is primarily made to support ...
WeLiveSecurity

A pernicious potpourri of Python packages in PyPI

PyPI is popular among Python programmers for sharing and downloading code. Since anyone can contribute to the repository, malware – sometimes posing as legitimate, popular code libraries – can appear ...