The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
The Hacker News

New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake Firms, and RATs

Claude Opus commit added malicious npm dependency in Feb 2026, enabling crypto theft and persistent RAT access.
InfoQ

Google ADK for Java 1.0 Introduces New App and Plugin Architecture, External Tools Support, and More

Google's Agent Development Kit for Java reached 1.0, introducing integrations with new external tools, a new app and plugin ...
GitHub

Unknowlars/truenas-scale-api-prometheus-exporter

The repository includes a ready-to-import Grafana dashboard covering system health, storage pools, disks, ZFS cache, services, apps, tasks, alerts, and virtualization.
GitHub

Boxsh: A sandboxed POSIX shell with concurrent JSON-line RPC mode

A sandboxed POSIX shell and MCP server, built on dash 0.5.12. boxsh works as a command-line shell and as an MCP (Model Context Protocol) server for AI agents. OS-native sandbox isolation is baked in — ...