TrapDoor Hits npm, PyPI and Crates.io With AI Config Poisoning
TrapDoor spreads malicious packages through npm, PyPI and Crates.io, steals developer secrets,…
Mini Shai-Hulud Hits TanStack npm Packages With Signed Malware
Mini Shai-Hulud abused trusted publishing to ship malicious TanStack npm packages with…
PyPI ZiChatBot Packages Linked to Suspected OceanLotus Campaign
Kaspersky reports a suspected OceanLotus campaign that used malicious PyPI packages to…
Slopsquatting: New Malware Spreading Technique Targeting AI Assisted Developers
Slopsquatting is a new type of cyber threat that takes advantage of…
Python JSON Logger Vulnerability Exposes Millions of Users
The CVE-2025-27607 vulnerability was discovered in Python JSON Logger. Its exploitation required…
Aiocpa PyPI Package Targets Crypto Wallets
A malicious package named aiocpa was identified on the Python Package Index…