The Hacker News

Alert: Malicious PyPI Package soopsocks Infects 2,653 Systems Before Takedown

Malicious PyPI package soopsocks downloaded 2,653 times before takedown, exfiltrating Windows data to Discord.
The Hacker News

175 Malicious npm Packages with 26,000 Downloads Used in Credential Phishing Campaign

Cybersecurity researchers have flagged a new set of 175 malicious packages on the npm registry that have been used to ...
Ars Technica

sending stdin over socket with Python - pickling question

Which program is pickling and why? That seems like a very strange thing to do in this situation. The only time to pickle something is if you need to represent a non-string object on disk, but Python ...

Malicious Rust packages on Crates.io steal crypto wallet keys

Two malicious packages with nearly 8,500 downloads in Rust's official crate repository scanned developers' systems to steal ...