The Hacker News

Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems

North Korea-linked Lazarus campaign spreads malicious npm and PyPI packages via fake crypto job offers, deploying RATs and ...
The Hacker News

Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Compromised dYdX npm and PyPI packages delivered wallet-stealing malware and a RAT via poisoned updates in a software supply chain attack.
TechJuice

Open Source Malware Surges Nearly 73% in 2025, Cybersecurity Report Shows

Open source malware surged 73% in 2025, with npm as a key target with rising risks in software supply chains and developer environments.
Techzine Europe

AI hallucinates in 28 percent of dependency upgrades

AI that recommends dependency upgrades without checking actual sources creates a dangerous situation. New research shows that 27.76 percent of ...
TweakTown

How to Boost Your Download Speed: 7 Easy Fixes That Work

Hate waiting forever for a big game, software update, or important file to finish downloading? While slow internet might be the culprit, it's not always the only reason. Before blaming your ISP, you ...
Infosecurity-magazine.com

Chinese AI Villager Pen Testing Tool Hits 11,000 PyPI Downloads

A new AI-native penetration testing tool called Villager has reached nearly 11,000 downloads on the Python Package Index (PyPI) just two months after release. The framework, developed by the ...
TechRepublic

Malware Injected Into Code Packages That Get 2 Billion+ Downloads Each Week

Malware Injected Into Code Packages That Get 2 Billion+ Downloads Each Week Your email has been sent An attack targeting the Node.js ecosystem was just identified ...
InfoWorld

Python popularity boosted by AI coding assistants – Tiobe

Python maintains its runaway top ranking in the Tiobe index of programming language popularity, while older languages continue to rise. Perl surprises. Python, the highest-ranking language ever in the ...
Geeky Gadgets

Find ALL Your iPhone Downloads in 2 Clicks (It’s That Easy!)

Finding downloaded files on your iPhone can sometimes be challenging, even with its efficient file management system. The process may feel unintuitive at first, but with the right steps, you can ...
Infosecurity-magazine.com

New Malware on PyPI Poses Threat to Open-Source Developers

A newly uncovered malicious package on the Python Package Index (PyPI) has raised fresh concerns about the security of open source software repositories. The package, named “dbgpkg,” was discovered by ...
Bleeping Computer

Malicious PyPi package hides RAT malware, targets Discord devs since 2022

A malicious Python package targeting Discord developers with remote access trojan (RAT) malware was spotted on the Python Package Index (PyPI) after more than three ...
GitHub

Proposal: Add support for private packages via token-authenticated downloads

I’d like to suggest an enhancement to PyPI: supporting private packages, accessible only via authentication using the existing token system. Currently, PyPI allows token-based upload permissions, but ...