The Hacker News

SilentSync RAT Delivered via Two Malicious PyPI Packages Targeting Python Developers

Zscaler reveals SilentSync remote access trojan hidden in two malicious PyPI Python packages, risking browser data theft and multi-OS compromise.
Security Boulevard

Malicious PyPI Packages Deliver SilentSync RAT

IntroductionZscaler ThreatLabz regularly monitors for threats in the popular Python Package Index (PyPI), which contains open source libraries that are frequently used by many Python developers. In ...
InfoWorld

Intro to Nitro: The server engine built for modern JavaScript

The HTTP engine inside Nitro is H3, a server geared for high-performance and portability. H3 provides the core functionality ...
Security Boulevard

How Tenable Found a Way To Bypass a Patch for BentoML’s Server-Side Request Forgery Vulnerability CVE-2025-54381

Tenable Research recently discovered that the original patch for a critical vulnerability affecting BentoML could be bypassed ...
Bleeping Computer

Max severity Argo CD API flaw leaks repository credentials

An Argo CD vulnerability allows API tokens with even low project-level get permissions to access API endpoints and retrieve all repository credentials associated with the project. The flaw, tracked ...

Thinking Machines' first official product is here: meet Tinker, an API for distributed LLM fine-tuning

Thinking Machines, the AI startup founded earlier this year by former OpenAI CTO Mira Murati, has launched its first product: Tinker, a Python-based API designed to make large language model (LLM) ...
USA Today

Florida python hunter cashes in: He eliminated more than 60 invasive snakes in August

The South Florida Water Management District's Python Elimination Program has removed 245 pythons so far in 2025. Brian Hargrove was the top hunter in August, capturing 63 invasive snakes. The program ...