The Hacker News

Hades PyPI Attack: 19 Packages Poisoned to Auto-Run Bun Credential Stealer

The Miasma supply chain campaign has sparked a fresh attack wave called Hades, this time involving 37 malicious wheel artifacts across 19 packages in the Python Package Index (PyPI) registry, as the ...
note

⚓ [MT4 x Python] ZMQ Integration to Break Through the Limits of Automated Trading: A Record of Opening a Direct Pipeline to Build a 'Foundation for Verification' in a Legacy ...

🧭 Prologue: Why Return to the Old-Generation 'MT4' Now? We at 'Semura Lab' have always pursued the optimal and most powerful system environment to cross the sea of information and extract profits ...
theblock

Researchers flag TrapDoor malware campaign targeting crypto developer environments including Aptos, Sui and Solana

The TrapDoor malware campaign has targeted crypto developer environments tied to Aptos, Sui, and Solana through more than 34 malicious packages and over 384 related versions across npm, PyPI, and ...
Microsoft

CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments

Microsoft Defender is investigating a high-severity local privilege escalation vulnerability (CVE-2026-31431) affecting multiple major Linux distributions including Red Hat, SUSE, Ubuntu, and AWS ...
techzine

Linux distributions worldwide targeted by the Copy Fail exploit

An exploit for the “Copy Fail” security vulnerability (CVE-2026-31431) in the Linux kernel has been made public. The vulnerability affects all major Linux distributions released since 2017 and grants ...
Bleeping Computer

New Linux ‘Copy Fail’ flaw gives hackers root on major distros

An exploit has been published for a local privilege escalation vulnerability dubbed “Copy Fail” that impacts Linux kernels released since 2017, allowing an unprivileged local attacker to gain root ...
heise online

"Copy Fail": Linux root in all major distributions with 732 bytes of Python

IT researchers have discovered a vulnerability in the Linux kernel that attackers can exploit to gain root privileges. The discoverers have named the vulnerability “Copy Fail.” Virtually all Linux ...
The Hacker News

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. As of writing, ...
cybernews

One tiny exploit gives full Linux access: all kernels since 2017 are vulnerable

All Linux kernels released after 2017 are vulnerable to critical privilege escalation bugs. A tiny 732-byte exploit grants root privileges across all major Linux distributions, with containerized ...
GitHub

Python SDK for OpenZiti

The Python SDK for OpenZiti is a library that enables you to integrate zero trust network connectivity into your Python applications, and establish secure connections with remote network resources ...
makeuseof

SFP+ is the best router feature you’re probably not using

Yadullah Abidi is a Computer Science graduate from the University of Delhi and holds a postgraduate degree in Journalism from the Asian College of Journalism, Chennai. With over a decade of experience ...
Bleeping Computer

From infostealer to full RAT: dissecting the PureRAT attack chain

An investigation into what appeared at first glance to be a “standard” Python-based infostealer campaign took an interesting turn when it was discovered to culminate in the deployment of a ...