GitHub

One command to explain your Python environment, trace imports, and detect shadows.

Note: uvx pywho is not recommended — it runs inside uv's ephemeral sandbox, so the output reflects that temporary environment instead of your actual project. Always install pywho into the environment ...
Ars Technica

Anthropic says its leak-focused DMCA effort unintentionally hit legit GitHub forks

An Anthropic-backed DMCA effort to remove its recently leaked Claude Code client source code from GitHub this week resulted in the accidental removal of many legitimate forks of its official public ...
Hackaday

This Week In Security: Linux Flaws, Python Ownage, And A Botnet Shutdown

The ides of security March are upon us — Qualys reports the discovery by their threat research unit of vulnerabilities in the Linux AppArmor system used by SUSE, Debian, Ubuntu, and Kubernetes as an ...
GitHub

Medical Image Analysis Agent Skills

This repository is built around one primary idea: each skill is a self-contained directory that can be copied into an agent workspace and used directly. The installed Python package and medical-skills ...
Bleeping Computer

GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. Evidence ...
bitnewsbot

GitHub Malware Steals Python Repos via Force-Pushing

A GitHub account takeover campaign uses stolen tokens to inject malware into hundreds of Python repositories. The malicious code, part of the GlassWorm/ForceMemo campaign, targets users who clone or ...
The Hacker News

GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos

The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories. "The attack targets Python ...