Dark Reading

Python-Based Malware Slithers Into Systems via Legit VS Code

A known Chinese advanced persistent threat (APT) group known as Mustang Panda is the likely culprit behind a sophisticated, ongoing cyber-espionage campaign. It starts with a malicious email, and ...
Dark Reading

'BlazeStealer' Python Malware Allows Complete Takeover of Developer Machines

Malicious Python packages masquerading as legitimate code obfuscation tools are targeting developers via the PyPI code repository. Focusing on those interested in code obfuscation is a savvy choice ...
Arabian Post

InvisibleFerret shift raises developer risks

North Korea-linked hackers have upgraded the InvisibleFerret malware to bypass script-based security tools, converting its Python code into compiled modules that are harder for defenders to inspect ...
Decrypt

Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.
Bleeping Computer

Malicious PyPi package hides RAT malware, targets Discord devs since 2022

A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three ...
Hosted on MSN

Popular PyPI package hacked to deliver infostealing malware

A widely used open-source PyPI package, elementary-data, was compromised in a targeted attack that inserted infostealer malware via a GitHub Actions vulnerability. The malicious update, version 0.23.3 ...
Bleeping Computer

JDownloader site hacked to replace installers with Python RAT malware

The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows and Linux installers, with the Windows payload found deploying a Python-based ...