PhantomRaven attack floods npm with credential-stealing packages

An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal authentication tokens, CI/CD secrets, and GitHub credentials.

Python rejects $1.5M grant from U.S. govt. fearing ethical compromise

The Python Software Foundation (PSF) has withdrawn its $1.5 million grant proposal to the U.S. National Science Foundation ...

Python plan to boost software security foiled by Trump admin’s anti-DEI rules

The Python Software Foundation has rejected a $1.5 million government grant because of anti-DEI requirements imposed by the ...
The Hacker News

ThreatsDay Bulletin: $176M Crypto Fine, Hacking Formula 1, Chromium Vulns, AI Hijack & More

Cybercrime crackdowns, AI security flaws, and major breaches — from $176M fines to Starlink, F1, and Google’s new threat ...
CSO Online

Prompt hijacking puts MCP-based AI workflows at risk

An AI version of session hijacking can lead to attackers injecting malicious prompts into legitimate MCP communications.