The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

GlassWorm campaign injects malware into GitHub Python repos using stolen tokens since March 8, 2026, exposing developers to ...

YouTube killed my comment alerts, so I vibe-coded a fix to get them back - in just 1 hour

With Gemini and a simple Python script, I rebuilt YouTube email alerts. Now I won't miss another comment. Here's how you can do the same.
The Hacker News

Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets

Trivy attack force-pushed 75 tags via GitHub Actions, exposing CI/CD secrets, enabling data theft and persistence across developer systems.

OpenAI to buy Python toolmaker Astral to take on Anthropic

March 19 (Reuters) - OpenAI said on Thursday it will acquire Python toolmaker Astral, as the ChatGPT ​owner looks to ...

Scrape Free Website Data Using Claude Cowork & Apify : Build Prospecting Lists Quickly

Claude Cowork pairs with Apify and Vibe Prospecting to scrape websites free, with Apify’s $5 monthly credit and spreadsheet export.
InfoQ

Google Open-Sources the Common Expression Language for Python

Google has open sourced CEL-expr-python, a Python implementation of the Common Expression Language (CEL), a non-Turing complete embedded policy and expression language designed for simplicity, speed, ...
SecurityWeek

ForceMemo: Python Repositories Compromised in GlassWorm Aftermath

Hackers use credentials stolen in the GlassWorm campaign to access GitHub accounts and inject malware into Python repositories.
Opinion
PCMagOpinion

Your X Posts Are Training Elon Musk's AI. Here’s How to Stop It

The platform's Grok chatbot scrapes your posts by default. Fortunately, there are some easy steps you can take to stop feeding the beast.