For the 2nd time in weeks, Microsoft packages laced with credential stealer

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...
How-To Geek on MSN

How to create professional-looking plots in Python

Use Python to make your data visualizations stand out.

Use Windows Sandbox and containers to test untrusted apps safely

Windows Sandbox acts as a digital safety net, allowing you to test untrusted apps in isolation and keep your system protected ...

My new favorite Windows app made my PC safer and more reliable - and it's free

Downloading executable installer files from random websites is the best way to put malware on your Windows PC. Stop doing ...
GitHub

VS-Codex Thread Tools

VS-Codex Thread Tools is a small Windows/Tkinter utility for working with local Codex VS Code extension thread files. %USERPROFILE%\.codex\session_index.jsonl ...
TechRadar

Top download manager JDownloader hacked — installers replaced with dangerous malware

Attackers exploited a CMS flaw to replace Windows and Linux installer links with malware‑laden versions between May 6–7, 2026 The poisoned installers deployed a Python‑based RAT via a loader, while ...
CSOonline

Malicious Hugging Face model masquerading as OpenAI release hits 244K downloads

The repository reached the #1 trending position on Hugging Face within 18 hours, highlighting how public AI repositories are becoming a new software supply chain attack vector. A malicious Hugging ...
The Hacker News

Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads

A malicious Hugging Face repository managed to take a spot in the platform's trending list by impersonating OpenAI's Privacy Filter open-weight model to deliver a ...
ExtremeTech

Fake Windows 11 24H2 Update Poses as Legit Download to Steal Data

Security researchers at Malwarebytes have found a fake Windows 11 24H2 update campaign that steals sensitive data from Windows PC users. The attackers host a very convincing Microsoft‑style support ...
The Hacker News

TeamPCP Pushes Malicious Telnyx Versions to PyPI, Hides Stealer in WAV Files

TeamPCP, the threat actor behind the supply chain attack targeting Trivy, KICS, and litellm, has now compromised the telnyx Python package by pushing two malicious versions to steal sensitive data.
Infosecurity-magazine.com

Fraud Investigation Reveals Sophisticated Python Malware

A sophisticated Python-based malware deployment uncovered during a fraud investigation has revealed a layered attack involving obfuscation, disposable infrastructure and commercial offensive tools.
TWCN Tech News

Python not working in Visual Studio Code Terminal

Python may not work in the VS Code terminal due to several reasons: the Python executable path is missing from your system’s PATH environment variable, the wrong Python interpreter is selected in VS ...