Forbes

How To Learn Python For Free: 10 Online Resources

Send a note to Doug Wintemute, Kara Coleman Fields and our other editors. We read every email. By submitting this form, you agree to allow us to collect, store, and potentially publish your provided ...
TechRadar

JSON services hijacked by North Korean hackers to send out malware

Lazarus Group used JSON storage services to host malware in the Contagious Interview campaign targeting developers Attackers lured victims via fake LinkedIn job offers, delivering BeaverTail, ...
Infosecurity-magazine.com

Banana Squad’s Stealthy GitHub Malware Campaign Targets Devs

A new campaign exploiting GitHub to distribute malicious Python code disguised as legitimate hacking tools has been uncovered by cybersecurity researchers. The operation, tied to the group known as ...
CSOonline

Poisoned models in fake Alibaba SDKs show challenges of securing AI supply chains

Fake Alibaba Labs AI SDKs hosted on PyPI included PyTorch models with infostealer code inside. With support for detecting malicious code inside ML models lacking, expect the technique to spread.
The Hacker News

FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites

The financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor called Anubis (not to be confused with an Android banking trojan of the same name) that can grant them ...
theregister

GitHub supply chain attack spills secrets from 23,000 projects

It's not such a happy Monday for defenders wiping the sleep from their eyes only to deal with the latest supply chain attack. StepSecurity disclosed a compromise of the popular GitHub Action ...
GitHub

A flexible Python implementation for encoding and decoding data using various base-N encodings (e.g., Base64, Base32, Base16, Base4096, etc.). The implementation supports ...

Note: If you are looking for a faster, more robust implementation for standart encodings, use the standard library. This library goal is to provide a flexible implementation for custom base-N ...
WeLiveSecurity

PlushDaemon compromises supply chain of Korean VPN service

ESET researchers provide details on a previously undisclosed China-aligned APT group that we track as PlushDaemon and one of its cyberespionage operations: the supply-chain compromise in 2023 of VPN ...
Microsoft

Announcing the Adaptive Prompt Injection Challenge (LLMail-Inject)

We are excited to introduce LLMail-Inject, a new challenge focused on evaluating state-of-the-art prompt injection defenses in a realistic simulated LLM-integrated email client. In this challenge, ...
The Hacker News

PyPI Attack: ChatGPT, Claude Impersonators Deliver JarkaStealer via Python Libraries

Cybersecurity researchers have discovered two malicious packages uploaded to the Python Package Index (PyPI) repository that impersonated popular artificial intelligence (AI) models like OpenAI ...
Infosecurity-magazine.com

Lazarus Group Targets Developers in Fresh VMConnect Campaign

Lazarus Group has been observed continuing its VMConnect campaign by targeting developers with new malicious software packages on open source repositories, according to ReversingLabs. The researchers ...