News

Malicious Python packages are stealing vital data, and have been downloaded thousands of times already
Researchers found three malicious PyPI packages, two targeting bitcoin developers, and one WooCommerce stores Two are designed to steal data, and the third to test for valid credit cards All three ...
CCN on MSN6d
Bitcoinlib Malware Alert: How Fake Python Packages Targeted Crypto Wallets
Attackers uploaded fake Python packages to PyPI that posed as Bitcoinlib tools and targeted wallet data. The malware infected ...
The Hacker News14h
GCP Cloud Composer Bug Let Attackers Elevate Access via Malicious PyPI Packages
GCP’s ConfusedComposer flaw let attackers escalate privileges via PyPI packages; patched by Google on April 13.
The Hacker News7d
Malicious PyPI Package Targets MEXC Trading API to Steal Credentials and Redirect Orders
Cybersecurity researchers have disclosed a malicious package uploaded to the Python Package Index (PyPI) repository that's ...
WinBuzzer2d
Pydantic Releases Sandboxed Python Execution Server for AI Agents via Model Context Protocol
Developers can now use Pydantic's mcp-run-python server, distributed via JSR, to allow AI agents to execute Python code with ...
Carding tool abusing WooCommerce API downloaded 34K times on PyPI
A newly discovered malicious PyPi package named 'disgrasya' that abuses legitimate WooCommerce stores for validating stolen ...
AI-hallucinated code dependencies become new supply chain risk
A new class of supply chain attacks named 'slopsquatting' has emerged from the increased use of generative AI tools for ...
Crypto News7d
New Phishing Scheme Targets Crypto Futures On MEXC Exchange
The JFrog Security Research team has found a malicious package targeting crypto futures trading on the MEXC exchange.