News

The Hacker News2d

20 Popular npm Packages With 2 Billion Weekly Downloads Compromised in Supply Chain Attack

According to ReversingLabs' 2025 Software Supply Chain Security Report, 14 of the 23 crypto-related malicious campaigns in ...

Hackers hijack npm packages with 2 billion weekly downloads in supply chain attack

In a supply chain attack, attackers injected malware into NPM packages with over 2.6 billion weekly downloads after ...
InfoWorld9mon

3 takeaways from the Ultralytics AI Python library hack

When attackers compromised Ultralytics YOLO, a popular real-time object detection machine-learning package for Python, most assumed the Python Package Index, or PyPI, must be the point of failure.

Google Confirms It Was Hacked After ‘Vishing’ Cyberattack; Is Your Data Compromised? Here’s What We Know

Per the Google Threat Intelligence Group report, the cybercrooks deployed a technique called ‘Vishing’ which is essentially ‘voice phishing.’ The hacker group would impersonate IT staff in this social ...
CoinDesk2mon

North Korean Hackers Are Targeting Top Crypto Firms With Malware Hidden in Job Applications

A North Korean hacking group is targeting crypto workers with a Python-based malware disguised as part of a fake job application process, researchers at Cisco Talos said earlier this week. Most ...
InfoWorld9mon

The Python AI library hack that didn’t hack Python

There are some critical takeaways from the Ultralytics AI Python library hack, but they're not the ones you might expect. Also, 10 tips for making Python faster and a look at uv—the all-in-one Python ...

Hackers steal data from Salesforce instances in widespread campaign

Google researchers say the hackers abused a third-party tool in an attack spree designed to harvest credentials.