New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...

For the 2nd time in weeks, Microsoft packages laced with credential stealer

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...

Malicious Hugging Face Models Could Trigger Remote Code Execution

A flaw in Hugging Face Transformers could allow malicious AI models to execute code, exposing credentials and highlighting AI ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
CSO Online

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...
Billboard

Hasbro Is Celebrating 40 Years of ‘The Transformers: The Movie’ With ‘Reformatted’ Soundtrack — And Yes, Stan Bush Is Back

Metal legend Sebastian Bach is also joining the battle of Autobots vs. Decepticons for this new project. By Joe Lynch Executive Digital Director On July 24, a transformative album is rolling out. And ...
The Hollywood Reporter

‘The Transformers: The Movie’ Getting Theatrical Re-Release From Fathom (Exclusive)

Hasbro is leaning into the movie's cult status and notoriety for killing off major characters as part of a 40th anniversary "Apology Tour." By Borys Kit Senior Film Writer When it was first released ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...
Opi.net

ImportError: cannot import name 'LlavaNextProcessor' from 'transformers' (/opt/conda/lib/python3.11/site-packages/transformers/__init__.py)

OPI is the global business supplies industry's go-to hub for essential resources, news, analysis, information and networking. A trusted name since 1991, OPI delivers business-critical information ...
NBC News

UPS is 'disposing of' U.S.-bound packages over customs paperwork problems

Thousands of U.S.-bound packages shipped by UPS are trapped at hubs across the country, unable to clear the maze of new customs requirements imposed by the Trump administration. Subscribe to read this ...
Electrek

Tesla’s new transformer business started on wrong foot with many top engineers leaving

Tesla confirmed its plan to produce its own electrical transformers, a new business for the automaker, but it started on the wrong foot. Many top Tesla engineers left over the last year to build their ...