Bleeping Computer

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. The dangerous release is 0.23.3, ...
Ars Technica

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys ...
GitHub

Azure Connectors Python SDK

Type-safe Python clients for Azure connectors — call Office 365, SharePoint, Teams, Dataverse, and 1,000+ connectors directly from Azure Functions and other Python apps. This SDK is currently in early ...
Yahoo Finance

When you're on the go, go with the world's #1 finance destination

Stay ahead of the market with features that give you a competitive edge like personalized alerts, earnings reminders, real-time market data, so you're ready to take action when the markets move.
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. As of writing, ...
The Hacker News

Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs

Cybersecurity researchers have disclosed details of an intrusion that involved the use of a CloudZ remote access tool (RAT) and a previous undocumented plugin dubbed Pheno with the aim of facilitating ...