10 trillion downloads are crushing open-source repositories - here's what they're doing about it

Companies are treating these repositories like content delivery networks - now the Linux Foundation and colleagues are saying ...
InfoWorld

Powerful Python source code processing with “ast”

Overview Python's "ast" module transforms the text of Python source code into an object stream. It's a more powerful way to walk through Python code, analyze its components, and make changes than ...

OpenAI turns its sold-out GPT-5.5 party into a monthlong Codex giveaway for 8,000 developers

OpenAI gave more than 8,000 GPT-5.5 party applicants 10x Codex rate limits through June 5, escalating its AI coding rivalry ...
Decrypt

Someone Built an Open-Source 'Theoretical Mythos' to Reverse-Engineer Anthropic's Most Dangerous AI

OpenMythos is a from-scratch attempt to reconstruct the architecture behind Claude Mythos, the model Anthropic refuses to ...

Backdoored PyTorch Lightning package drops credential stealer

A malicious version of the PyTorch Lightning package published on the Python Package Index (PyPI) delivers a ...
Morning Overview on MSN

Hackers poisoned the PyTorch Lightning AI package and it started stealing credentials the moment you imported it

A single line of Python code was all it took. Developers who ran import lightning after installing versions 2.6.2 or 2.6.3 of ...

200,000 MCP servers expose a command execution flaw that Anthropic calls a feature

OX Security confirmed arbitrary command execution on six live platforms and estimates 200,000 MCP servers are exposed. Here's ...

Microsoft releases the earliest DOS source code ever discovered as open source

Microsoft has officially released another significant piece of DOS history. The "Paterson Listings" include the earliest ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...

Script Injection and Data Theft: Python Data Analysis Tool Compromised

The popular Python package for monitoring data quality was briefly available as a malicious version. Provider Elementary ...
TMCnet

SAS expands SAS Viya with governed AI assistants and agentic AI capabilities

SAS, a global leader in data and AI, today announced expansions to SAS ® Viya ® that advance the platform's agentic AI ...

Top open source PyPI package with over 1 million downloads each month hacked to send out malware

This was not a case of stolen credentials, but rather of vulnerability exploitation.