Top open source PyPI package with over 1 million downloads each month hacked to send out malware

This was not a case of stolen credentials, but rather of vulnerability exploitation.
Techzine Europe

Malicious Python package poses new supply chain threat

The open-source package elementary-data, with over a million downloads per month, has been compromised. Attackers exploited a vulnerability in a GitHub ...

Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...
How-To Geek on MSN

10 VS Code extensions I can't live without

Try these extensions and you'll wonder how you ever lived without them!
Cybernews

Hackers dodging security tools by dropping secret QEMU virtual machines inside Windows

Hackers are dodging Windows security tools by running secret Linux virtual machines with QEMU, an open-source virtualizer.