Hosted on MSN

Popular PyPI package hacked to deliver infostealing malware

A widely used open-source PyPI package, elementary-data, was compromised in a targeted attack that inserted infostealer malware via a GitHub Actions vulnerability. The malicious update, version 0.23.3 ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...
Hosted on MSN

Level up your cybersecurity with Python automation

Python has become a go-to language for cybersecurity pros thanks to its simplicity, vast library ecosystem, and ability to automate complex tasks. From real-time log analysis and threat detection to ...

Crime crew impersonates help desk, abuses Microsoft Teams to steal your data

A previously unknown threat group using tried-and-tested social engineering tactics - Microsoft Teams chat invitations and ...

Bitwarden CLI npm package compromised to steal developer credentials

The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects.
The Hacker News

UNC6692 Impersonates IT Help Desk via Microsoft Teams to Deploy SNOW Malware

UNC6692 has been attributed to a large email campaign that's designed to overwhelm a target's inbox with a flood of spam ...