Security researchers have discovered a simple and troubling way for attackers to distribute malicious payloads via the PyPI package repository. All that the technique involves is re-registering a ...

North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers, deploying RATs and data-stealing malware.

Attackers uploaded fake Python packages to PyPI that posed as Bitcoinlib tools and targeted wallet data. The malware infected crypto development environments, stole private keys and seed phrases and ...

One of North Korea's most sophisticated threat groups has been hiding remote access malware for macOS and Linux inside of open source Python packages. North Korean advanced persistent threats (APTs) ...

The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials. Accessible at pypi.org, PyPI is the default ...

Recent npm and PyPI attacks underscore the urgency for more trusted open-source dependencies across civilian agencies. Chainguard’s research, which analyzes thousands of malicious packages, shows that ...

According to cybersecurity firm Hacken, financial losses from crypto hacks topped $440 million in the third quarter of 2024. Researchers at the Checkmarx cybersecurity firm sounded the alarm on a ...

The Python Software Foundation warned users this week that threat actors are trying to steal their credentials in phishing attacks using a fake Python Package Index (PyPI) website. PyPI is a ...