Open source package with 1 million monthly downloads stole user credentials

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a ...

PyPI package with 1.1M monthly downloads hacked to push infostealer

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive ...
MIT Technology Review

The Download: murderous ‘mirror’ bacteria, and Chinese workers fighting AI doubles

Using lessons from the ISS, NASA has partnered with private companies to develop new commercial space stations for research, ...

How Project Maven taught the military to love AI

A Marine Colonel, His Team, and the Dawn of AI Warfare, journalist Katrina Manson investigates the development of Maven from ...
Graham Cluley

Smashing Security podcast #463: This AI company leaked its own code. It’s also built something terrifying

A hacking group claims to have broken into the flood defence system protecting Venice’s Piazza San Marco – and is offering to ...

Top open source PyPI package with over 1 million downloads each month hacked to send out malware

This was not a case of stolen credentials, but rather of vulnerability exploitation.
GitHub

Using Metasploit.md

Creating a comfort zone Creating risk by having tools be publicly available Creating tunnel vision mindset "If tool can't, I can't" HTB Argues for pentesters in a commercial environment: Time=Money ...