The Hacker News

New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

DEEP#DOOR embeds a Python RAT in a dropper script, using bore[.]pub C2 to steal credentials and evade Windows defenses, ...

New Linux ‘Copy Fail’ flaw gives hackers root on major distros

An exploit has been published for a local privilege escalation vulnerability dubbed "Copy Fail" that impacts Linux kernels ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

Malicious Lightning 2.6.2/2.6.3 released April 30 enable credential theft via hidden payload, leading to PyPI quarantine and ...
Hosted on MSN

PyPI package hack exposes developers to credential theft

A widely used PyPI package, 'elementary-data', was compromised through a malicious update that inserted infostealer code via a GitHub Actions workflow. The breach potentially exposed SSH keys, cloud ...

Top open source PyPI package with over 1 million downloads each month hacked to send out malware

This was not a case of stolen credentials, but rather of vulnerability exploitation.