SecurityWeek

From Trivy to Broad OSS Compromise: TeamPCP Hits Docker Hub, VS Code, PyPI

The hackers compromised GitHub Action tags, then shifted to NPM, Docker Hub, VS Code, and PyPI, and teamed with Lapsus$.
CNX Software

Hugging Face’s Reachy Mini is an open-source AI robot for your computer or Raspberry Pi CM4

Better known for its artificial intelligence software solutions, Hugging Face unveiled the Reachy Mini open-source desktop ...
WinBuzzer

OpenAI Acquires Python Toolmaker Astral to Boost Codex AI Agent

OpenAI has acquired Astral, the company behind Python tools uv and Ruff, to integrate them into its Codex platform as it ...
How-To Geek on MSN

Android's sideloading changes, the big Visual Studio Code update, better Linux phones, and more: News roundup

Everything you may have missed from the past week.
XDA Developers on MSN

I automated my entire read-it-later workflow with a local LLM so every article I save gets summarized overnight

No more fighting an endless article backlog.

OpenAI acquires open-source Python tooling startup Astral

OpenAI Group PBC today announced plans to acquire Astral Software Inc., a startup with a set of widely used Python ...
InfoWorld

OpenAI buys Python tools builder Astral

Astral tools and expertise will be leveraged in OpenAI Codex agentic coding app to expand AI capabilities across the software ...

Waratek Redefines Secure Development with Launch of Waratek IAST at JavaOne 2026

AI-assisted code speeds development, but introduces vulnerabilities at an alarming rate. Waratek IAST reports flaws ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
SecurityWeek

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python ...