According to Socket, malicious payment SDK packages on npm and PyPI are harvesting developer credentials and CI/CD ...
A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram ...
Every Python developer knows some or all of these libraries, because they’re stable, reliable, and excellent at what they do.
Vienna, Austria, June 25, 2026 — digna, the European data quality and observability platform, today announced the release of digna 2026.06, introducing a new Python SDK and Docker deployment support ...
Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...
On May 11, 2026, a self-replicating worm called Mini Shai-Hulud quietly slipped into 42 widely used TanStack open-source packages, corrupting 84 npm artifacts before anyone noticed. Within hours, the ...
Any development environment that installed or imported one of the 172 compromised npm or PyPI packages published since May 11 should be treated as potentially compromised. On affected developer ...
QR codes that were once seen as a convenient shortcut for checking menus or paying bills have increasingly been turned into weapons. Fake delivery texts, counterfeit payment links and malicious codes ...
Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to be the world’s biggest supply-chain attack ever. “Sorry everyone, I should ...
GitGuardian has disclosed a new software supply chain attack campaign, dubbed GhostAction, that exfiltrated thousands of sensitive credentials before being detected and contained on September 5. The ...