GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, ...
The Hacker News

Claude Code Security and Magecart: Getting the Threat Model Right

Magecart hides payload in favicon EXIF via third-party scripts, bypassing static analysis and stealing checkout data at ...

Malicious campaign targets popular OpenWebUI AI interface to mine crypty and steal credentials

Cybernews researchers uncovered numerous OpenWebUI instances that were silently running malware.
CSO Online

Trivy vulnerability scanner backdoored with credential stealer in supply chain attack

If you suspect you were running a compromised version, treat all pipeline secrets as compromised and rotate immediately,’ ...
WinBuzzer

OpenAI Acquires Python Toolmaker Astral to Boost Codex AI Agent

OpenAI has acquired Astral, the company behind Python tools uv and Ruff, to integrate them into its Codex platform as it ...

OpenAI is acquiring open source Python tool-maker Astral

OpenAI announced Thursday that it has entered into an agreement to acquire Astral, the company behind popular open source Python development tools such as uv, Ruff, and ty, and integrate the company ...

OpenAI to buy Python toolmaker Astral to take on Anthropic

March 19 (Reuters) - OpenAI said on Thursday it will acquire Python toolmaker Astral, as the ChatGPT ​owner looks to ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...
Visual Studio Magazine

Hands On with VS Code 1.112's New Image Analysis for Agents

VS Code 1.112 adds native image support for agents, and I used it on three Microsoft AI Foundry leaderboard screenshots to see whether it could turn chart-heavy visuals into a useful developer summary ...
Microsoft

CTI-REALM: A new benchmark for end-to-end detection rule generation with AI agents

CTI-REALM is Microsoft’s open-source benchmark that evaluates AI agents on real-world detection engineering. It measures ...

From pathology image to biological discovery: LazySlide uses foundation models to connect tissue images and RNA data

Microscopic images of human tissue are a cornerstone of biomedical research and clinical diagnostics. Yet despite their ...
The Lancet

A predictive atlas of disease onset from retinal fundus photographs: a modelling study using data from population-based cohorts

We present one of the first comprehensive evaluations of predictive information derived from retinal fundus photographs, ...