The Hacker News

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers, deploying RATs and ...
TechSpot

More than 100,000 GitHub repositories found spreading malicious packages

Facepalm: GitHub serves as a colossal hub for software development, hosting nearly half a billion code projects created by hundreds of millions of developers worldwide. Given its extensive reach and ...
WeLiveSecurity

A pernicious potpourri of Python packages in PyPI

PyPI is popular among Python programmers for sharing and downloading code. Since anyone can contribute to the repository, malware – sometimes posing as legitimate, popular code libraries – can appear ...
The Hacker News

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.
Ars Technica

10 malicious Python packages exposed in latest repository attack

Researchers have discovered yet another set of malicious packages in PyPi, the official and most popular repository for Python programs and code libraries. Those duped by the seemingly familiar ...