New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

Forcepoint details TeamPCP supply chain attack that turned LiteLLM into a credential stealer

A new report out today from cybersecurity company Forcepoint LLC’s X-Labs research team details a supply chain attack that compromised LiteLLM, a widely used open-source Python ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...

I had ChatGPT build me a free PDF editor because I didn't trust it to change my files - it worked!

The smartest way to use AI may not be letting it touch your files, but asking it to write software that handles them safely - ...
Columbia Journalism Review

Scraper Factories

Writing a scraper or two for a story is (usually) a fairly straightforward task for a data journalist who knows a bit of code ...
GitHub

8-run-protossl-heedb-pip.sh

: "${DATASET_PATH:?Env var DATASET_PATH must be set prior to script execution}" : "${RUN_DIR:?Env var RUN_DIR must be set prior to script execution}" : "${REPO_ROOT:?Env var REPO_ROOT must be set ...