The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
GitHub

SPI-Py: Hardware SPI as a C Extension for Python

COPYRIGHT (C) 2012 Louis Thiery. All rights reserved. Further work by Connor Wolf. Forked in 2019 by Nathan Leefer to fix memory handling in the C extension. This ...
InfoWorld

Meet Hades: The malware that lies to AI security agents

Researchers have uncovered a supply-chain attack that hides in Python packages, propagates like a worm, and tricks LLM-based ...
GitHub

teng-lin/notebooklm-py

This library uses undocumented Google APIs that can change without notice. 📚 Research Automation - Bulk-import sources (URLs, PDFs, YouTube, Google Drive), run web/Drive research queries with ...
CSO Online

Hugging Face Transformers RCE flaw enables stealthy compromise via AI model configs

With over 2.2 billion installs, the flawed Python package offers attackers a huge blast radius, including silent access to ...
腾讯网

手把手构建企业级 Agent 框架(七):工具系统与安全执行层 — 让 ...

在前六篇文章中,我们的 Agent 已经拥有了多渠道接入、自主推理、动态技能和长短期记忆。但要让它真正“干活”,还需要一双能操控现实系统的双手——工具。OpenClaw 内置了 Shell 执行、浏览器自动化、HTTP 请求等工具,并通过沙箱保障安全。今天,我们将构建一个企业级工具系统,涵盖工具注册与发现、JSON Schema ...
51CTO

AI Agent Skill 工程化(方法论篇):写 Skill 还是 SOP?但好 Skill 必须懂 SOP

2026 年的 Skill 工程化,已经走过了"有没有"的阶段,进入了"好不好"的深水区。掌握这个决策框架,你的 Skill 就不再是又长又模糊的 Prompt 集合,而是真正能让 Agent 从通用走向专业的工程化资产。 前言 一句话总结:Skill 不是 SOP,但好的 Skill 借鉴了 SOP 的精髓。
ITV

The latest ITV weather forecast for the UK

Outbreaks of rain becoming increasingly showery as we move through the evening, however heavy bursts are still possible. Drier later in the night with some clear spells developing, these mainly ...
腾讯网

手把手构建企业级 Agent 框架(九):可观测性与生产化运维 — 让 ...

经过前面八篇文章的打磨,我们的企业级 Agent ...