Ultralytics AI model hijacked to infect thousands with cryptominer
Technology | Dec 6, 2024 | bleepingcomputer.com
The popular Ultralytics YOLO11 AI model was compromised in a supply chain attack to deploy cryptominers on devices running versions…

Faux ChatGPT, Claude API Packages Deliver JarkaStealer
Cyber Security | Nov 22, 2024 | darkreading.com
Attackers are betting that the hype around generative AI (GenAI) is attracting less technical, less cautious developers who might be…

Malicious PyPI package with 37,000 downloads steals AWS keys
Technology | Nov 9, 2024 | bleepingcomputer.com
A malicious Python package named 'fabrice' has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web…

The Unsolvable Problem: XZ and Modern Infrastructure
Cyber Security | Oct 19, 2024 | cyberdefensemagazine.com
The ongoing prevalence (and rise) of software supply chain attacks is enough to keep any software developer or security analyst…

Citrine Sleet Poisons PyPI Packages With Mac & Linux Malware
Cyber Security | Sep 20, 2024 | darkreading.com
A North Korean advanced persistent threat (APT) actor (aka Gleaming Pisces) tried to sneak simple backdoors into public software packages.

Ransomware Gangs Pummel Southeast Asia
Cyber Security | Sep 1, 2024 | darkreading.com
Successful ransomware attacks against organizations in Asia continue at peak levels in 2024 following a wave of high-profile data breaches…

PyPi package backdoors Macs using the Sliver pen-testing suite
Technology | May 13, 2024 | bleepingcomputer.com
A new package mimicked the popular 'requests' library on the Python Package Index (PyPI) to target macOS devices with the Sliver…

GitGuardian Researchers Find Thousands of Leaked Secrets in PyPI (Python Package Index) Packages
Cyber Security | Apr 27, 2024 | cyberdefensemagazine.com
By Dwayne McDaniel, GitGuardian Developer and Security Advocate, GitGuardian The modern world of DevOps means relying on our code connecting…

PyPI suspends new user registration to block malware campaign
Technology | Mar 28, 2024 | bleepingcomputer.com
The Python Package Index (PyPI) has temporarily suspended user registration and the creation of new projects to deal with an…

Hackers poison source code from largest Discord bot platform
Technology | Mar 25, 2024 | bleepingcomputer.com
The Top.gg Discord bot community with over 170,000 members has been impacted by a supply-chain attack aiming to infect developers…