The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.
American Rifleman

Taurus RPC: The Bull Does a PDW

** When you buy products through the links on our site, we may earn a commission that supports NRA's mission to protect, preserve and defend the Second Amendment. ** The term “personal defense weapon” ...
GitHub

Unknowlars/truenas-scale-api-prometheus-exporter

The repository includes a ready-to-import Grafana dashboard covering system health, storage pools, disks, ZFS cache, services, apps, tasks, alerts, and virtualization.
GitHub

Boxsh: A sandboxed POSIX shell with concurrent JSON-line RPC mode

A sandboxed POSIX shell and MCP server, built on dash 0.5.12. boxsh works as a command-line shell and as an MCP (Model Context Protocol) server for AI agents. OS-native sandbox isolation is baked in — ...