SecurityWeek

Over 100 NPM, PyPI Packages Hit in New Shai-Hulud Supply Chain Attacks

Over 100 NPM and PyPI packages were injected with malicious code in the Miasma and Hades Shai-Hulud supply chain attack ...

For the 2nd time in weeks, Microsoft packages laced with credential stealer

Dozens of cryptographically verified open source packages from Microsoft were compromised late last week to add advanced credential-stealing code that was triggered when developers opened them in AI ...
Dark Reading

'Hades' Campaign Against PyPI Puts New Spin on Shai-Hulud

Threat actors have struck the software supply chain yet again, this time hitting the Python Package Index (PyPI) with Mini Shai-Hulud in an attempt to spread poisoned code. In the latest campaign, ...
winbuzzer.com

Perplexity Lets AI Agents Write Their Own Search Code

Perplexity introduced Search as Code as a reference architecture for AI-written Python search workflows, following its 2025 real-time Search API. The new approach shifts the pitch from repeatedly ...
The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel ...
Meduza

Russia’s federal censor denies blocking Python’s package index as developers scramble for workarounds

On Monday, Russian users found they could no longer reach PyPI, the package repository that Python developers rely on for ...
Hosted on MSN

Gmail servers hijacked by malicious PyPI packages to spread havoc - here's how to stay safe

Socket found seven malicious packages on PyPI The packages were abusing Gmail and WebSocket They were removed from the platform Several malicious PyPI packages were recently observed abusing Gmail to ...
The Hacker News

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

TrapDoor spread 34 malicious packages across npm, PyPI, and Crates.io, stealing developer credentials and enabling persistence.
9to5Mac

Apple shares iPhone and Mac post-quantum cryptography code on GitHub

Apple today published new corecrypto source code on GitHub, alongside a detailed technical post explaining the intricate work behind its post-quantum cryptography efforts across iPhone, Mac, and more.

Four AI supply-chain attacks in 50 days exposed the release pipeline red teams aren't covering

Four supply-chain attacks hit OpenAI, Anthropic, and Meta in 50 days — none inside the model. A 7-row matrix maps what AI vendor questionnaires are missing.
Live Science

Scientists create new type of encryption that protects video files against quantum computing attacks

Computer scientists say they've developed a new encryption method designed to defend sensitive data from one of the biggest looming threats in cybersecurity: quantum computers powerful enough to crack ...
Popular Mechanics

Here’s How to Encrypt Your Whole External Backup Drive to Keep Your Files Safe

Nobody who values the files on their computer should be without at least two regularly updated methods for backing them up. External drives are perfect for this. You can plug them into your computer, ...