The Hacker News

Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Two fake spellchecker packages on PyPI hid a Python RAT in dictionary files, activating malware on import in version 1.2.0.
InfoWorld

CPython vs. PyPy: Which Python runtime has the better JIT?

JIT compiler stack up against PyPy? We ran side-by-side benchmarks to find out, and the answers may surprise you.

Critical sandbox escape flaw discovered in popular vm2 NodeJS library

A critical-severity vulnerability in the vm2 Node.js sandbox library, tracked as CVE-2026-22709, allows escaping the sandbox and executing arbitrary code on the underlying host system.
GitHub

Polars + Bloomberg Open API

polars-bloomberg is a Python library that extracts Bloomberg's financial data directly into Polars DataFrames. If you’re a quant financial analyst, data scientist, or quant developer working in ...
GitHub

AgentRun: Run AI Generated Code Safely

AgentRun is a Python library that makes it easy to run Python code safely from large language models (LLMs) with a single line of code. Built on top of the Docker Python SDK and RestrictedPython, it ...
InfoWorld

Rust 1.93 updates bundled musl library to boost networking

New Rust release brings major improvements to musl’s DNS resolver and tweaks the standard library to aid global allocators.