Dark Reading

'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...
theblock

Researchers flag TrapDoor malware campaign targeting crypto developer environments including Aptos, Sui and Solana

The TrapDoor malware campaign has targeted crypto developer environments tied to Aptos, Sui, and Solana through more than 34 malicious packages and over 384 related versions across npm, PyPI, and ...
CoinTelegraph

‘TrapDoor’ malware targets crypto dev tools in supply chain attack

Socket says a campaign of malicious packages is aiming to steal crypto and is injecting hidden instructions that hijack popular AI coding assistants. An active supply chain attack is targeting crypto ...
BroBible

‘Slithery Situation’: Florida Woman Drives To Fire Station With Python Trapped Inside Her Car’s Dashboard

When a South Florida pet python owner discovered her snake inside her car’s dashboard, she drove to a nearby fire station for help getting it out. The python had somehow managed to burrow itself deep ...
heise online

"Copy Fail": Linux root in all major distributions with 732 bytes of Python

IT researchers have discovered a vulnerability in the Linux kernel that attackers can exploit to gain root privileges. The discoverers have named the vulnerability “Copy Fail.” Virtually all Linux ...
GitHub

Veeder-Root TLS Socket Library

This is an unofficial Python sockets wrapper for querying Veeder-Root automatic tank gauges remotely through the Internet. This wrapper is primarily made to support ...
Infosecurity-magazine.com

TeamPCP Targets Telnyx Package in Latest PyPI Software Supply Chain Attack

TeamPCP has again expanded its supply chain attacks on open-source repositories by targeting Telnyx, according to security researchers. The cyber threat group recently rose to notoriety by uploading ...
CNX Software

Inkplate 13SPECTRA 13.3-inch E-ink Spectra smart color display supports Arduino, MicroPython, ESPHome (Crowdfunding)

Soldered Electronics has made ESP32-based e-paper displays for years, starting with the launch of the Inkplate 6 in 2019. The Inkplate 13SPECTRA is their latest model based on an ESP32-S3 WiFi and ...
Infosecurity-magazine.com

AI Hallucinations Create “Slopsquatting” Supply Chain Threat

Developers relying on large language models (LLMs) to build code could unwittingly be exposing themselves to a new type of supply chain attack, security experts have warned. “Slopsquatting” was first ...
CSOonline

AI hallucinations lead to a new cyber threat: Slopsquatting

Cybersecurity researchers are warning of a new type of supply chain attack, Slopsquatting, induced by a hallucinating generative AI model recommending non-existent dependencies. According to research ...
The Hacker News

Malicious Python Packages on PyPI Downloaded 39,000+ Times, Steal Sensitive Data

Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) repository that are designed to steal sensitive information and test stolen credit card data. "The ...