The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
cybernews

Malicious campaign targeting vulnerable OpenWebUI servers: technical analysis

During an investigation into exposed OpenWebUI servers, the Cybernews research team identified a malicious campaign targeting vulnerable OpenWebUI servers with cryptocurrency miners and Info Stealers.
CSOonline

14 old software bugs that took way too long to squash

As these examples show, vulnerabilities can lurk within production code for years or decades—and attacks can come at any time. In 2021, a vulnerability was revealed in a system that lay at the ...
Bitdefender

Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam

Bitdefender Labs warns of an active campaign by the North Korea-linked Lazarus Group, targeting organizations by capturing credentials and delivering malware through fake LinkedIn job offers. LinkedIn ...
WeLiveSecurity

PlushDaemon compromises supply chain of Korean VPN service

ESET researchers provide details on a previously undisclosed China-aligned APT group that we track as PlushDaemon and one of its cyberespionage operations: the supply-chain compromise in 2023 of VPN ...
InfoWorld

Get started with the free-threaded build of Python 3.13

An experimental ‘no-GIL’ build mode in Python 3.13 disables the Global Interpreter Lock to enable true parallel execution in Python. Here’s where to start. The single biggest new feature in Python ...
Bitdefender

Deep Dive Into DownEx Espionage Operation in Central Asia

The domain and IP addresses involved do not appear in any previously documented incidents, and the malware does not share any code similarities with previously known malicious software. Since this ...