Open source registries don't have enough money to implement basic security

Free beer is great. Securing the keg costs money fosdem 2026 Open source registries are in financial peril, a co-founder of ...

North Korean job scammers target JavaScript and Python developers with fake interview tasks spreading malware

Operation Dream Job is evolving once again, and now comes through malicious dependencies on bare-bones projects.
Hoodline

San Antonio AI Researchers Sound Alarm On Phantom Package Trap

UTSA: ~20% of AI-suggested packages don't exist. Slopsquatting could let attackers slip malicious libs into projects.

North Korean GraphAlgo campaign uses fake job tests to spread malware scam

The post North Korean Graphalgo Campaign Uses Fake Job Tests to Spread Malware Scam appeared first on Android Headlines.
Infosecurity Magazine

Fraud Investigation Reveals Sophisticated Python Malware

A sophisticated Python-based malware deployment uncovered during a fraud investigation has revealed a layered attack involving obfuscation, disposable infrastructure and commercial offensive tools.
InfoQ

Microsoft Agent Framework RC Simplifies Agentic Development in .NET and Python

Microsoft has announced that the Microsoft Agent Framework has reached Release Candidate status for both .NET and Python. This milestone indicates that the API surface is stable and feature-complete ...
GitHub

Standard BOM for Python

A Python library for creating and consuming documents in standard-bom format. "Standard BOM" is our Siemens-internal SBOM format based on the Siemens CycloneDX Property Taxonomy, which is 100% ...
GitHub

Kew: Modern Async Task Queue

Building async applications often means dealing with background tasks. Existing solutions like Celery require separate worker processes and complex configuration. Kew takes a different approach: Redis ...