PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...
SecurityWeek

UNC6692 Uses Email Bombing, Social Engineering to Deploy ‘Snow’ Malware

The threat actor infected victims with the Snow malware family – Snowbelt, Snowglaze, and Snowbasin – for persistent access.

GlassWorm malware attacks return via 73 OpenVSX "sleeper" extensions

A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 "sleeper" extensions that turn malicious ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...
Decrypt

Malicious Web Pages Are Hijacking AI Agents, And Some Are Going After Your PayPal

Google's security team scanned billions of web pages and found real payloads designed to trick AI agents into sending money, ...

This New Android Spyware Uses a WhatsApp Trick to Hand Over Your Account

The post This New Android Spyware Uses a WhatsApp Trick to Hand Over Your Account appeared first on Android Headlines.