CSO Online

Top 5 real-world AI security threats revealed in 2025

Security researchers uncovered a range of cyber issues targeting AI systems that users and developers should be aware of — ...
eLife

DendroTweaks, an interactive approach for unraveling dendritic dynamics

An interactive toolbox for standardizing, validating, simulating, reducing, and exploring detailed biophysical models that can be used to reveal how morpho-electric properties map to dendritic and ...
Science Daily

A new tool is revealing the invisible networks inside cancer

Spanish researchers have created a powerful new open-source tool that helps uncover the hidden genetic networks driving ...

针对PyPI维护者的钓鱼攻击与Python软件供应链安全防护机制研究

近年来,开源软件在现代软件开发中的基础性地位日益凸显。作为全球最广泛使用的编程语言之一,Python的包生态系统以Python Package Index(PyPI)为核心,承载了超过50万个公开项目和数百万开发者。然而,这一开放协作模式在提升开发效率的同时,也暴露出显著的安全隐患。2023年至2025年间,Python软件基金会(Python Software Foundation, PSF)多 ...
The New York Times

Musk Wins $1 Trillion Pay Package, Creating Split Screen on Wealth in America

Tesla shareholders approved a plan to grant Elon Musk shares worth nearly $1 trillion if he meets ambitious goals, including vastly expanding the company’s stock market valuation. By Rebecca F.
The Hacker News

SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers

Cybersecurity researchers have discovered two new malicious packages in the Python Package Index (PyPI) repository that are designed to deliver a remote access trojan called SilentSync on Windows ...
InfoWorld

PyApp: An easy way to package Python apps as executables

Written in Rust, the PyApp utility wraps up Python programs into self-contained click-to-run executables. It might be the easiest Python packager yet. Every developer knows how hard it is to ...
bitnewsbot

Malicious PyPI Packages Uncovered: Supply Chain Risk for Python

Cybersecurity researchers have found harmful software in the official Python Package Index (PyPI) and npm package repositories, putting software supply chains at risk. The packages, called termncolor ...
Bleeping Computer

Hackers target Python devs in phishing attacks using fake PyPI site

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a ...
CSOonline

Malicious PyPI package targets Chimera users to steal AWS tokens, CI/CD secrets

“Chimera-sandbox-extensions” exploit highlights rising risks of open-source package abuse, prompting calls for stricter dependency controls and DGA malware detection. A malicious Python package posing ...
Bleeping Computer

Malicious PyPi package steals Discord auth tokens from devs

A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. The ...