Infosecurity-magazine.com

Compromised AI Library Delivers Cryptocurrency Miner via PyPI

A compromised version of the popular ultralytics AI library has been found to deliver a cryptocurrency mining payload. ReversingLabs researchers traced the issue to a breach of the library’s build ...
Infosecurity-magazine.com

Malicious Package on PyPI Hides Behind Image Files, Spreads Via GitHub

A new malicious package has been found on the Python Package Index (PyPI) repository that could hide code in images with a steganographic technique and infect users through open-source projects on ...
Bleeping Computer

Fake VMware vConnector package on PyPI targets IT pros

A malicious package that mimics the VMware vSphere connector module ‘vConnector’ was uploaded on the Python Package Index (PyPI) under the name ‘VMConnect,’ targeting IT professionals. VMware vSphere ...

Claude can be tricked into sending your private company data to hackers - all it takes is some kind words

Wunderwuzzi showed he was able to trick Claude into reading private user data, save that data inside the sandbox, and upload ...
Bleeping Computer

PyPI adds project archiving system to stop malicious updates

The Python Package Index (PyPI) has announced the introduction of ‘Project Archival,’ a new system that allows publishers to archive their projects, indicating to the users that no updates are to be ...

The Python Software Foundation has turned down a $1.5 million US government grant amid ethical concerns

$1.5 Million is no small amount of money to turn down, especially in the form of a US government grant. However, the Python ...
Ars Technica

More malicious packages posted to online repository. This time it’s PyPI

Researchers have uncovered yet another supply chain attack targeting an open source code repository, showing that the technique, which has gained wide use in the past few years, isn’t going away any ...