The Hacker News

36 Malicious npm Packages Exploited Redis, PostgreSQL to Deploy Persistent Implants

Strapi plugins exploit Redis and PostgreSQL via postinstall scripts, enabling persistent access and data theft.
GitHub

Write Python scripts in an Actions workflow file!

This action lets you define a custom Python script inside the workflow YAML file. Write your Python code as the script argument, and use the YAML multiline string feature to define multiline scripts.

8-foot python spotted on Beltline stuns Atlanta, man behind viral video speaks out: "That's not a regular snake"

A casual walk near Krog Street Market turned into a viral moment when an 8-foot python appeared on the Atlanta Beltline—now, ...
InfoWorld

New ‘StoatWaffle’ malware auto‑executes attacks on developers

The newly observed malware abuses VS Code’s “runOn:folderOpen” feature to execute automatically from trusted projects, ...
GitHub

Ultra-lightweight and efficient personal AI assistant

Clawlet is a lightweight personal AI agent with hybrid semantic memory search — a single static binary with no runtime and no CGO. Bundled SQLite + sqlite-vec. Drop it on any machine and memory search ...