August 11, 2024 at 06:27AM Researchers found a malicious package on PyPI that poses as a Solana blockchain library to steal user secrets. The fraudulent “solana-py” package was downloaded 1,122 times before being removed. It mimicked the legitimate “solana” package and harvested wallet keys. The attack highlights supply chain risks and the abuse of legitimate … Read more
August 1, 2024 at 03:47PM Malicious Python packages were added to the PyPI repository and promoted via the StackExchange platform. The code was harmful and posed a threat to users’ systems. Based on the meeting notes, it appears that threat actors have uploaded malicious Python packages to the PyPI repository and promoted them through the … Read more
June 6, 2024 at 02:24AM A malicious Python package called crytic-compilers was discovered on the Python Package Index, posing as a legitimate library named crytic-compile. It was designed to deliver an information stealer called Lumma. Additionally, more than 300 WordPress sites have been compromised with malicious Google Chrome update pop-ups, leading to the deployment of … Read more
May 21, 2024 at 07:09AM A critical security flaw in the llama_cpp_python Python package (CVE-2024-34359, codenamed Llama Drama) allows threat actors to execute arbitrary code, posing a risk to data and operations. Another high-severity flaw in Mozilla’s PDF.js library permits JavaScript execution in the PDF.js context. Both issues have been addressed in recent software updates. … Read more
March 25, 2024 at 07:07AM The attacker used multiple techniques, such as distributing harmful dependencies through a fake Python infrastructure associated with GitHub projects. Based on the meeting notes, it appears that the attacker used multiple techniques, such as distributing malicious dependencies through a fake Python infrastructure connected to GitHub projects. This suggests a sophisticated … Read more
February 29, 2024 at 11:35AM Approximately 100 machine learning models were discovered on the Hugging Face platform, posing a risk of allowing attackers to inject malicious code onto user machines. JFrog’s ongoing research found malicious PyTorch models with potentially harmful payloads, highlighting the need for constant vigilance and proactive security measures to safeguard AI/ML engineers … Read more
January 5, 2024 at 08:15AM The Ultimate 2020 White Hat Hacker Certification Bundle offers 10 courses taught by cybersecurity experts Nathan House and Joe Parys. The program covers various topics in ethical hacking, network security, Python for web applications, Nmap for network security checks, and certifications like CompTIA’s PenTest+ and Cybersecurity Analyst. Available for $39.99, … Read more