Kestra: Ops automation beyond CI/CD

CI/CD pipelines are optimized for code deployments. Long-running operational processes and self-service workflows can be ...
VentureBeat

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable ...

Any development environment that installed or imported one of the 172 compromised npm or PyPI packages published since May 11 should be treated as potentially compromised. On affected developer ...
Bleeping Computer

Shai Hulud attack ships signed malicious TanStack, Mistral npm packages

Hundreds of packages across npm and PyPI have been compromised in a new Shai-Hulud supply-chain campaign delivering credential-stealing malware targeting developers. The attacker hijacked valid OpenID ...
The Hacker News

Microsoft Confirms Active Exploitation of Windows Shell CVE-2026-32202

Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild. The vulnerability in ...
InfoQ

AWS S3 Introduces Account-Regional Namespaces, Ending 18 Years of Global Bucket Name Collisions

A monthly overview of things you need to know as an architect or aspiring architect. Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with ...
Bleeping Computer

Popular LiteLLM PyPI package backdoored to steal credentials, auth tokens

The TeamPCP hacking group continues its supply-chain rampage, now compromising the massively popular "LiteLLM" Python package on PyPI and claiming to have stolen data from hundreds of thousands of ...
heise online

AWS S3: Account Regional Namespaces End Bucket Squatting

Amazon Web Services (AWS) has introduced Account Regional Namespaces for Amazon S3 General Purpose Buckets. This allows customers to create bucket names in a reserved namespace per account and region ...
The Hacker News

TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure

Cybersecurity researchers have called attention to a "massive campaign" that has systematically targeted cloud native environments to set up malicious infrastructure for follow-on exploitation. The ...
GitHub

Pywbem - A WBEM client and related utilities, written in pure Python

Pywbem is a WBEM client and WBEM indication listener and provides related WBEM client-side functionality. It is written in pure Python and runs on Python 3. The green components all have Python APIs ...
GitHub

R Interface to Python

The reticulate package provides a comprehensive set of tools for interoperability between Python and R. The package includes facilities for: Calling Python from R in a variety of ways including R ...
Wired

AI Code Hallucinations Increase the Risk of ‘Package Confusion’ Attacks

AI-generated computer code is rife with references to nonexistent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages ...
Ars Technica

AI-generated code could be a disaster for the software supply chain. Here’s why.

AI-generated computer code is rife with references to non-existent third-party libraries, creating a golden opportunity for supply-chain attacks that poison legitimate programs with malicious packages ...