New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
GitHub

A fast, modern EnergyPlus IDF/epJSON toolkit for Python.

idfkit is in beta. The API may change between minor versions. We're looking for early adopters and testers — especially users of eppy who want better performance and a modern API. If you try it out, ...
theregister

Backup script ingested an accidental asterisk and deleted everything

WHO, ME? Welcome to Monday morning, the time of week when The Register always asks “Who, Me?” because that’s the title of our reader-contributed column in which you confess to having made a mess, and ...