Claude can be tricked into sending your private company data to hackers - all it takes is some kind words

Wunderwuzzi showed he was able to trick Claude into reading private user data, save that data inside the sandbox, and upload ...
CSO Online

Claude AI vulnerability exposes enterprise data through code interpreter exploit

Security researcher demonstrates how attackers can hijack Anthropic’s file upload API to exfiltrate sensitive information, ...

The Python Software Foundation has turned down a $1.5 million US government grant amid ethical concerns

$1.5 Million is no small amount of money to turn down, especially in the form of a US government grant. However, the Python ...

Claude code will send your data to crims ... if they ask it nicely

"The exploit hijacks Claude and follows the adversaries instructions to grab private data, write it to the sandbox, and then calls the Anthropic File API to upload the file to the attacker's account ...
IEEE

Automated Detection and Mitigation of Malicious Packages in the PyPI Ecosystem and .exe Files: PyGuardEX

Abstract: The rapid growth of open-source ecosystems such as PyPI has significantly increased the risk of malicious packages infiltrating and affecting the software supply chains. Attackers often ...
GitHub

Failure to upload package using Trusted Publisher from GitLab

Trying to upload version 1.0.8 of the facadedevice project using Trusted Publishing from GitLab is failing: https://gitlab.com/MaxIV/tango-facadedevice/-/jobs ...
The Hacker News

npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels

Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to ...
GitHub

[Documentation]: Please populate pypi metadata for

The pypi.org page for the llama-index-instrumentation package https://pypi.org/project/llama-index-instrumentation/ does not provide any metadata such as links to the ...