New Shai-Hulud attack trojanizes 19 science-focused PyPI packages

Hackers compromised 19 packages on the PyPI, collectively downloaded hundreds of thousands of times, in a new Shai-Hulud ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...

Protect your enterprise now from the Shai-Hulud worm and npm vulnerability in 6 actionable steps

TanStack had 2FA, OIDC publishing, and Sigstore provenance on every release. The Mini Shai-Hulud worm published 84 malicious versions anyway. The CI/CD Trust-Chain Audit Grid maps the six gaps it ...
Ubuntu

How to Fix Copy Fail (CVE-2026-31431) Vulnerability on Ubuntu and Linux Mint

On April 29, 2026, security researchers at Theori and Xint Code publicly disclosed CVE-2026-31431, a Linux kernel privilege escalation vulnerability they named Copy Fail. Any unprivileged local user ...
heise online

"Copy Fail": Linux root in all major distributions with 732 bytes of Python

IT researchers have discovered a vulnerability in the Linux kernel that attackers can exploit to gain root privileges. The discoverers have named the vulnerability “Copy Fail.” Virtually all Linux ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. As of writing, ...
cybernews

One tiny exploit gives full Linux access: all kernels since 2017 are vulnerable

All Linux kernels released after 2017 are vulnerable to critical privilege escalation bugs. A tiny 732-byte exploit grants root privileges across all major Linux distributions, with containerized ...
GitHub

Socket Module and DateTime Module Overview

print("Before diving into any module, use help() to get documentation:") print(" help(socket) - Shows all socket module functions and classes") print(" help(datetime ...
TechRadar

Gmail servers hijacked by malicious PyPI packages to spread havoc - here's how to stay safe

Socket found seven malicious packages on PyPI The packages were abusing Gmail and WebSocket They were removed from the platform Several malicious PyPI packages were recently observed abusing Gmail to ...
TechRadar

Malicious Python packages are stealing vital data, and have been downloaded thousands of times already

Researchers found three malicious PyPI packages, two targeting bitcoin developers, and one WooCommerce stores Two are designed to steal data, and the third to test for valid credit cards All three ...
WeLiveSecurity

DeceptiveDevelopment targets freelance developers

Cybercriminals have been known to approach their targets under the guise of company recruiters, enticing them with fake employment offers. After all, what better time to strike than when the potential ...
TechSpot

Hidden backdoor in Go package remained undetected for years

The big picture: The Go programming language was designed to offer a C-like syntax while prioritizing memory safety and security. Also known as Golang, Go has been growing in popularity among both ...