The Hacker News

npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels

Researchers expose Discord webhook C2 in npm, PyPI, RubyGems; North Korean actors published 338 malicious npm packages with ...

Pythonになりたくて仕方ないJava、それでも入門やAI開発に向かない ...

Pythonは特に「プログラミング入門」と「AI開発」の2つの分野で確固たる地位を築いている。対照的にJavaはこれら2つの分野が特に弱い。そこで最近のJavaはこうした分野向けの機能をなんとか盛り込もうとしている。まるでPythonの人気に憧れ、P ...
The Hacker News

Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown

Malicious PyPI package soopsocks downloaded 2,653 times before takedown, exfiltrating Windows data to Discord.

From infostealer to full RAT: dissecting the PureRAT attack chain

Researchers map a campaign that escalated from a Python infostealer to a full PureRAT backdoor — loaders, evasions, and ...
Arabian Post on MSN

Massive npm-Based Phishing Network Exposed Under “Beamglea” Campaign

A worm-like campaign named Shai-Hulud has been flagged, targeting widely used packages and propagating itself by harvesting secrets and inserting backdoors. It operates across npm accounts, installing ...