News

The Hacker News8d

PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks

PyPI unverified 1,800 emails since June 2025 to block expired-domain attacks, strengthening open-source supply chain security.
The Hacker News8d

Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks

PyPI malware termncolor and colorinal downloaded 884 times exploit DLL side-loading, persistence, and C2 communication.
CryptoNewsZ13d

Binance Exposes North Korean Crypto Infiltration Campaign

Binance warns that North Korean hackers use fake jobs, deepfakes, and code poisoning to infiltrate crypto firms, fuelling ...
InfoWorld8mon

3 takeaways from the Ultralytics AI Python library hack

The Ultralytics AI library hack points to critical vulnerabilities in the Python ecosystem—but not where you might think. Here's what developers need to know.
Bleeping Computer8mon

Russian hackers use RDP proxies to steal data in MiTM attacks

The hackers use a Python "man-in-the-middle" MitM red team tool called PyRDP to intercept all communication between the victim and the remote session, allowing the connection to appear legitimate.
Bleeping Computer10mon

European govt air-gapped systems breached using custom malware

An APT hacking group known as GoldenJackal has successfully breached air-gapped government systems in Europe using two custom toolsets to steal sensitive data, like emails, encryption keys, images ...